Module Question 10
- Define “social engineering” and provide three examples (e.g., pretexting, baiting).
- What are the key components of a good security awareness training program for employees?
- How can a simple “clean desk” policy contribute to the overall security of a business?
Status: 100% sudah tercapai
Keterangan: Saya sudah mengerjakan essay ini dengan baik dan benar
Bukti:
-
Social engineering is a type of cyberattack that relies on manipulating people rather than hacking systems. Instead of breaking into technology, attackers trick individuals into revealing sensitive information (like passwords or financial data) or performing actions that compromise security. It takes advantage of human psychology, such as trust, fear, or curiosity.
Here are three common examples:
- Pretexting: The attacker pretends to be someone trustworthy (like an IT staff member) and creates a fake scenario to convince the victim to share confidential information.
- Baiting: The attacker offers something tempting (like a free download or a USB drive) to lure the victim into clicking or using it, which can install malware.
- Phishing: The attacker sends fake emails or messages that appear legitimate (e.g., from a bank or company) to trick users into entering sensitive information on a fake website.
-
A good security awareness training program is designed to educate employees, change behavior, and reduce human-related risks. It’s not just about giving information, but making sure employees understand and apply it in real situations.
Key components include:
- Clear and relevant content: Training should cover essential topics like phishing, password security, social engineering, data protection, and safe internet use—tailored to the employee’s role.
- Regular and continuous training: Security awareness shouldn’t be a one-time session. Ongoing updates help employees stay aware of new threats.
- Interactive learning: Quizzes, simulations (like fake phishing emails), and real-life scenarios make the training more engaging and effective.
- Simple and practical guidance: Employees should learn what actions to take, such as how to report suspicious emails or create strong passwords.
- Strong policy communication: Company security policies should be clearly explained so employees know the rules and expectations.
- Measurement and feedback: Tracking results (e.g., phishing simulation performance) helps identify weak areas and improve the program.
- Management support: Leadership involvement shows that security is important and encourages employees to take it seriously.
-
A simple “clean desk” policy contributes to business security by ensuring that sensitive information is not left exposed in the workplace. When employees clear their desks of documents, notes, USB drives, or unlocked devices, it reduces the risk of unauthorized access, whether from visitors, other employees, or even cleaning staff.
This policy also helps prevent data leaks and accidental exposure. For example, printed reports, passwords written on sticky notes, or confidential files can easily be seen, taken, or misused if left unattended. In addition, it encourages employees to develop better security habits, such as locking their computers and properly storing important documents.
