Additional countermeasures

The following are additional measures that can reduce the threat of social engineering attacks against an organization:

  • Implement a password policy that requires users to change their passwords periodically and prevents them from reusing previous passwords. If an employee's password is leaked via a social engineering attack, the password in the attacker's hands could then be rendered obsolete by the password policy.
  • Ensure that security guards escort all guests and visitors while on the compound.
  • Implement proper physical security access control systems. This includes surveillance cameras, door locks, proper fencing, biometric security measures, and more to keep unauthorized people out of restricted areas.
  • Implement information classification. Classification allows only those with the required security clearance to view certain data and access certain systems.
  • Perform background checks on new employees and implement a proper termination process.
  • Implement endpoint security protection from reputable vendors. Endpoint protection can be used to monitor and prevent cyberattacks, such as social engineering attacks, phishing emails, and malicious downloads, against employees' computers and laptops.
  • Enforce two-factor authentication when possible.
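
The password policy in the first item above, sketched as an added example (not code from the book): a credential record that enforces periodic change and rejects reuse of remembered passwords. The 90-day maximum age, the history depth of 5, the PBKDF2 parameters, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)   # assumed rotation period; the text gives no number
HISTORY_DEPTH = 5              # assumed count of remembered passwords (current included)

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored history entries are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordRecord:
    """Hypothetical per-user credential record with expiry and history."""

    def __init__(self, password: str, now: datetime):
        self.history = []          # (salt, digest) pairs, newest first
        self.changed_at = now
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(password, salt)))
        del self.history[HISTORY_DEPTH:]   # forget entries beyond the depth

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def login(self, password: str, now: datetime) -> str:
        """Return 'ok', 'expired' (correct but must change) or 'invalid'."""
        if not self._matches(password, self.history[0]):
            return "invalid"
        return "expired" if now - self.changed_at >= MAX_AGE else "ok"

    def change(self, new_password: str, now: datetime) -> bool:
        """Accept the new password only if it is not in the remembered history."""
        # Each entry has its own salt, so the candidate is rehashed per entry.
        if any(self._matches(new_password, e) for e in self.history):
            return False
        self._store(new_password)
        self.changed_at = now
        return True
```

Once `change` succeeds, a previously leaked password fails `login` and cannot be set again while it remains in the history.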

In the next section, we'll look at how to detect a phishing email.
