Physical Testing & Social Engineering

People are always the weakest link!

Tesserent’s Social Engineering engagements test whether your security controls (physical, human, email, phone) can be bypassed.

How we can assist:


Our testing methodology is tailored to each organisation’s specific needs and IT infrastructure. Tesserent technical assurance & testing experts manipulate an organisation’s employees into allowing unauthorised access to confidential information. This allows the organisation to test their:

  • Information Security Policy and
  • Employees’ adherence to that policy.

By engaging Tesserent cybersecurity services to perform this physical pen test, you can identify failure points. Once you have your benchmark, Tesserent can help you better inform and educate your staff to be attack and hacker-aware through our Security Awareness Training.

We start by listening.

Frequently Asked Questions

Why Should I Perform Social Engineering Testing?

  • People are generally the weakest link in any security program. This includes both employees that deliberately steal corporate data and, more commonly, employees who, lacking the necessary understanding and awareness of IT security, make mistakes.
  • Human error is the most common entry point into an organisation. Phishing attacks, social engineering and lack of security patching remain the most common attack points.

What is the difference between on-site and off-site testing?

Off-site: A remote Social Engineering engagement involves the manipulation of the organisation’s staff by telephone or email in an attempt to get employees to divulge user names, passwords, customer NPPI (Non-Public Personal Information) or other confidential information. Scenarios might include:

  • Pretext calling (e.g. of employees and help desk teams)
  • Spoofing emails so they appear to come from inside the organisation.
  • ‘Dropped USB’: luring employees into running payloads from found media.
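The email scenario above works because a message can claim an internal From address without actually having been sent by the organisation's mail servers. The following is an added example (not Tesserent's code) of the kind of check a mail gateway or SOC analyst can apply to inbound mail: it treats any message whose From header claims the internal domain as in scope, then looks for the usual spoofing indicators, namely a Return-Path or Reply-To on another domain and an `Authentication-Results` header that does not show SPF and DKIM passing. The domain `example.com`, the relay `mail-relay.example.net` and both sample messages are constructed for the example.

```python
"""Flag inbound messages that claim an internal From address but lack
sender authentication or alignment.  Added illustrative example; the
domain and sample messages below are constructed, not real traffic."""
import email
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # constructed placeholder for the organisation's domain


def _domain(header_value):
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def _auth_result(msg, method):
    """Extract the result token (pass/fail/none/...) for spf or dkim from
    Authentication-Results, as written by the receiving MTA."""
    for line in msg.get_all("Authentication-Results") or []:
        match = re.search(rf"\b{method}=(\w+)", line)
        if match:
            return match.group(1).lower()
    return "none"  # no verdict recorded at all is treated like a failure


def spoof_indicators(raw_message):
    """Return a list of human-readable findings for a message that claims
    to be internal.  An empty list means no spoofing indicator was found."""
    msg = email.message_from_string(raw_message)
    from_dom = _domain(msg["From"])
    if from_dom != INTERNAL_DOMAIN:
        return []  # external senders are handled by other controls, not this check

    findings = []
    rp_dom = _domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        findings.append(f"return-path domain {rp_dom} != from domain {from_dom}")

    reply_dom = _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")

    spf = _auth_result(msg, "spf")
    if spf != "pass":
        findings.append(f"spf={spf}")
    dkim = _auth_result(msg, "dkim")
    if dkim != "pass":
        findings.append(f"dkim={dkim}")
    return findings


# Constructed sample: genuine internal mail, authenticated and aligned.
LEGIT = """\
Return-Path: <it-helpdesk@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: IT Helpdesk <it-helpdesk@example.com>
To: staff@example.com
Subject: Scheduled maintenance window

Details of the maintenance window.
"""

# Constructed sample: spoofed From, external bounce/reply path, no authentication.
SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: IT Helpdesk <it-helpdesk@example.com>
Reply-To: helpdesk-support@example.net
To: staff@example.com
Subject: Urgent: password reset required

Please reply with your current password.
"""

if __name__ == "__main__":
    for label, sample in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, spoof_indicators(sample))
```

The check deliberately reports every indicator rather than stopping at the first, so an analyst can see whether a message merely has a benign relay mismatch or fails on every axis, as the constructed spoofed sample does.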

On-site: During an on-site engagement, Tesserent will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information. The on-site engagement techniques typically include:

  • Dumpster diving
  • “Trusted authority” disguises, such as fire inspectors or air-conditioning repair technicians
  • Employee Impersonation (IT HelpDesk, New Hire and Auditor)

The aim of these engagements is to test and improve, for example:

  • Physical access controls around secure areas
  • Proper disposal of sensitive data
  • Privacy policy awareness and implementation
  • Violation reporting
  • Access privileges

Our ultimate aim is to help you better inform and educate your staff to be attack and hacker-aware.

Contact us

Speak with a Tesserent Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.
