A Study into the Social Engineering Risk and Its Effects in the Public Institutions in Ghana

Abstract

This study seems to identify and access the risk that social engineering has on information in public institutions in Ghana. In this work, we will be discussing the techniques that are used in Social Engineering in public institutions in Ghana and find out the differences existing between the user groups in an organization that have been trained formally about information security and the user groups without any formal training on information security to identify the importance of having a proper security policy in protecting organization on the risk of social engineering threats (Kevin, Simon, & Steve, 2002). This study will clearly identify the Social Engineering risk and its presence in public institutions in Ghana (Huber, Kowalski, Nohlberg, & Tjoa, 2009).The aim of this research is to investigate the level of risks social engineering on Sunyani Technical University and the counter measures adopted to mitigate them thus ensuring business continuity the investigation additionally talks about the findings and recommendations which can be utilized by the institutions to impede the risk of data spillage through social engineering. The research design used in this research to obtain the data was a survey. Quota sampling techniques was employed for this research. A sample size of 50 respondents made up of 30 senior management members and 20 IT staffs were chosen from Sunyani Technical University in Ghana which is the study area. The study collected data from both secondary and primary sources. Secondary data were collected from journals as well as other related publications on the subject to review literature. Primary data were collected mainly through the administration of structured questionnaire amongst the selected respondents. The study revealed that there has been some social engineering threat in recent times in most of the public institutions in Ghana but most of the senior members and also IT staff are not aware. This study recommends that institutions and organizations go by the security management process which consist of the policy statement, then awareness creation which will be followed by audits.
The study was limited by time at the disposal of the researcher in researching deep into all forms of social engineering risk in public institution Moreover, the officials at university were reluctant in releasing information, which they considered as confidential for fear of leaking it to the public.