
Organizations are finally becoming aware of the benefits of using appropriate encryption technology to protect the information they hold against the risks of data theft and/or manipulation.
However, as the adoption of encryption to protect files and sensitive data grows, organizations are failing to ensure that their other policies keep pace with the advantages encryption offers. One of the largest gaps is spending on training to ensure critical awareness of the risks involved in failing to follow security policies.
Social attacks have played a part in various forms of hacking since it began, and given the increased security offered by encryption, they are once again playing a large role in acquiring access to encryption keys in order to decrypt and steal sensitive information.
In the corporate environment, data theft can cost billions of dollars. It seems stupid to try to cut corners by not offering appropriate security guidelines for staff who have physical or virtual access to any location where sensitive information is kept. This means ensuring that there are clear processes and guidelines in place when it comes to divulging key information.
However, hackers who try to launch social attacks are undoubtedly going to be able to find a weak link somewhere within the organization. The only way to limit the effects of social vulnerabilities within the organization is to ensure that key access is restricted to a few individuals company-wide.
No matter what, social attacks will continue to be a risk that no software can guard against, as we are all vulnerable to the effects of coercion.
The only thing we can do is ensure that employees are aware of the risks and that access is restricted to only the most trusted individuals.