Social engineers act and look like they belong in whatever situation they find themselves in.
They don't sneak around suspiciously; they smile and greet employees in corridors.
They don't ask front desk staff to lead them to areas in the building;
they simply barge past the front desk like they already know their way.
Ways to Prevent Social Engineering:
Challenge strangers and know your surroundings. "Greet and Assist" is the best rule of thumb.
Watch for questions that don't match the person you're talking to.
Verify before trusting people at their word. If "Dr. _______ told me to ..." verify with Dr. _______ before giving them the information.
Get management involved if necessary.
Never reveal organization or patient information unless you have verified the identity of the person and the validity of the request.
Never use USB thumb drives found lying around on the premises.
Never give out sensitive information over the phone, especially as a call recipient. Verify that the caller is on the "Need to know" list.
Phishing is the electronic version of social engineering. Never browse the internet, check non-work-related emails, play online games, or do anything unnecessary on computers that handle PHI. Most importantly, never click on unsolicited links, especially in emails.