Phishing, where attackers use deceptive emails to trick someone into revealing sensitive information, and pretexting, where attackers manipulate individuals into providing confidential information by creating a false scenario.
Do not use portable storage devices.
Create a strong cybersecurity awareness program that educates employees about common social engineering tactics and how to identify and respond to them effectively. Regularly remind employees to be cautious about sharing sensitive information and to verify the identity of anyone requesting information. Implement multi-factor authentication and access control measures to add an extra layer of security to sensitive systems and information. Conduct regular security assessments and simulations to identify vulnerabilities and gaps in your organization's defenses against social engineering attacks.
yes
yes
yes
passive attacks : footprinting, trashing active attacks : sniffing, social engineering
keeping hidden from public view any passwords that are posted in the work area
Social Engineering
Attacks using social engineering rely on human trust - and by exploiting trust, one can gain access to computer systems much quicker than resorting to traditional methods if said systems are hardened to a point where it is not possible to gain entry within a short amount of time. For example, take a look at XKCD's comic strip about this topic.
social engineering
Trojan horse, virus and worm not social engineering by prana kumar dubey, hcl cdc, agra