Seminar to show how companies can protect themselves from damaging leaks of information

The seminar, presented by RavenEye, will show business people how to defend against social engineering attacks and prevent security breaches

TAMPA, Fla. October, 2005 - Some of the most damaging security leaks that companies face don’t happen as a result of internet-based attacks or through so-called computer hacking. They happen right over the telephone.

Highly sensitive information is often handed over unwittingly by trusted employees who never even know they are being conned. It happens every day at businesses large and small throughout America and around the world.

The various techniques used to charm or con sensitive information out of trusted employees is often referred to as “social engineering.” And Joseph Kirkpatrick, the president of RavenEye, an information security consulting company, knows all the tricks of the social engineering trade.

Kirkpatrick and his RavenEye associates will share what they know about social engineering, and how employees can be on guard against it, during a seminar at the Hilton Times Square hotel, 234 West 42nd St., New York, on Nov. 3 between 10 a.m. and 5 p.m.

“We’re doing this in response to a high level of interest out there on the part of business owners who are looking for someone to address what can be done to heighten employee awareness about social engineering,” Kirkpatrick said. “Many employers spend lots of money on technology, but then wonder whether someone internally may be doing something knowingly or unknowingly that might compromise the company’s confidential information.”

Social engineering attacks can take many forms, Kirkpatrick said, but well-engineered attacks can net all sorts of critical information that can then be sold or used in a number of ways.

“Typically, someone can call in from outside, claiming to be someone they aren’t – an employee, for example, or a vendor,” Kirkpatrick said. “In big companies, it’s impossible to know every employee, and a smooth-talking person can extract a surprising amount of information from an unsuspecting employee who is only trying to be helpful.”

Experienced con artists can get connected to a company’s network, can extract sensitive information about executives and employees, or get access to sensitive accounts, all without raising the suspicions of the employee, Kirkpatrick said.

Companies are more aware now about the dangers of social engineering attacks for several reasons, Kirkpatrick said. For one, the state of California recently passed legislation requiring companies to make customers aware of any breaches involving customer’s financial information, and many other states are following suit. For another, the news media has been reporting stories about information attacks on companies.

“At the seminar, we will set the stage by explaining why this is a risk, and we will present a number of case studies and talk about the impact and the implications,” Kirkpatrick said. “We will demonstrate how easy it is to convince someone to provide information without following proper procedures, and we will then talk about the things businesses can do to make sure that they don’t fall victim to these kinds of attacks – training and assistance and setting your own procedures to make sure employees know what to do.”

The seminar fee is $295 per person, or $245 per person if there are five or more registrants from the same company. Lunch and snacks will be served. Participants can register at www.RavenEye.com/register, or by calling 888-563-7221.

About RavenEye RavenEye, based in Tampa, Fla., provides information security consulting services for businesses seeking to comply with federal and state information security laws. Internal policies and procedures are put to the test during real-world attacks on the company’s sensitive information by certified information security professionals, who pose as outsiders and/or employees. The company’s response to those attacks is then analyzed, and recommendations for new security measures are designed and offered. For more information, visit the company’s website at www.RavenEye.com