In a new security article on social engineering, Microsoft highlights measures that can be taken to both prevent and remediate socially engineered attacks.
Some key highlights are:
- Limit attack surface
- Limit user accounts and strictly monitor high privilege accounts
- Maintain a proper incident response team
- Risk analysis and weighting
- Proper training
You can read the full article for details, but I think those are the tips that stand out. The go-to policy for many companies is “enforce periodic password changes, don’t hand out smartphones to just anyone, tell users to be secure.” That’s my (limited) experience at least. This article should prove useful to anyone willing to put the work into maintaining a secure environment.