August 06, 2010, 8:09 AM — by Brent Huston, Microsolved, Inc.

Social Engineering is a bustling enterprise. There are plenty of books and websites that can help you formulate a strategy. The more you learn, the stronger your defense. Make sure you check them out!
Hacking the Human
by Ian Mann
No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
by Johnny Long, Jack Wiles, and Scott Pinzon
The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, and Steve Wozniak
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
by Kevin D. Mitnick and William L. Simon
SANS InfoSec Reading Room - Social Engineering website (with a Wiki Framework)
Social Engineering: The Basics (CSO Online)
With a bit of self-study, you'll be able to further educate your own staff on how to be on the alert for suspicious characters and potentially dangerous websites. They'll know who to call when something doesn't "seem right." Good luck!
Brent Huston is CEO and Security Evangelist for Microsolved, Inc., a leading provider of security assessments and penetration testing, as well as the developer of the HoneyPoint line of security software products.















