Service Summary
By working with Bridewell to complete a social engineering test, you can gain insight into how capable your employees are at recognizing and responding to social engineering and whether your organization's existing policies are effective at stopping these threats. This is fundamental to identifying vulnerabilities and improving procedures that mitigate the risk of attacks such as phishing, impersonation, and relationship building.
- An Assessment of People and Technologies. Bridewell reviews the processes you have in place to improve people’s awareness of social engineering techniques.
- A Non-Judgemental Assessment. Our penetration testers will not use our findings to blame individuals within the organization and instead provide constructive feedback and support.
- A Complete Range of Penetration Tests. Our tests can assess your organization's security from technological controls to people, processes, and procedures.
- Tailored Engagements for Any Goal. None of our assessments are ‘out-of-the-box’; Bridewell collaborates with organizations to develop a framework that assesses specific areas of concern in line with business objectives.
- Deep Sector Experience. Bridewell have worked with organizations in some of the most highly regulated and critical industries and understand the unique business challenges and risks faced by these sectors.
- Highly Accredited for Penetration Testing. Bridewell is accredited by CREST, the OSCP, Zeropoint Security CRTOs, are Tiger-certified, and possess Certified Cyber Security Consultancy status with the National Cyber Security Centre (NCSC).
- A Realistic Simulation of Real-Life Attacks. Bridewell’s assessments are goal-oriented and accurately recreate the tools, tactics and procedures that would be used by a real-world attacker.
Key Challenges Addressed
Social engineering attacks take advantage of people’s natural inclination to help and support others. If organizations aren’t sensitive to this in how they address this form of attack, they can make individuals feel singled out when they were simply trying to be helpful.
This can discourage what are otherwise positive behaviors within the organization (such as responsiveness and collaboration) or disengage people from social engineering awareness or training programs.
To address this, organizations need to minimize risk for the wider business without making people feel like they are being tested or reprimanded. However, organizations may lack the experience to deliver a people-first approach to social engineering training and awareness that ensures people feel fully supported.

Key Benefits
Here are just some of the benefits of trusting Bridewell to assist with your Social Engineering Testing.
Targeted Awareness Training
Enhance your employees’ ability to identify social engineering attacks.
Review Information Security Policies and Controls
Determine how effective your information security policy is and how controls can be improved to identify and prevent attacks.
Understand Risk
Establish what an attacker could obtain from your business through a successful attack.
A Valuable Component of Wider Penetration Testing
A social engineering assessment is a useful component within a wider testing process that can support red teaming of assumed breach testing.
How It Works
Our social engineering penetration testing services begin with a detailed scoping session with you to identify key risks and what processes and procedures are currently in place to mitigate them. These processes and procedures should empower your staff to identify and prevent potential social engineering attempts.
Our assessments cover all types of social engineering, whether on or off-site:
- Relationship-Building Attacks - A long-term social engineering attempt that aims to build trust that can later be exploited, often in support of supply channel attacks.
- Baiting/ Luring - Physical media devices can are used to lure employees into connecting it to a computer system, often containing malware.
- Physical Intrusion - Disguising as an employee or employing other social engineering techniques to get access to the premises and to reach valuable information, plant listeners, plug in network devices within restricted areas of the target company.
- Impersonation - Disguising as an employee to get access to the premises and to reach valuable information, sometimes in restricted areas of the target company.
Once the assessment is complete the consultants will provide a detailed report alongside in- person or virtual workshops to help educate and support the organization. These workshops are designed to raise awareness around potential attack types and how they are conducted and provide simple steps to help mitigate these risks.

Our assessments cover all types of social engineering, whether on or off-site:
Once the assessment is complete the consultants will provide a detailed report alongside in- person or virtual workshops to help educate and support the organisation.
These workshops are designed to raise awareness around potential attack types and how they are conducted and provide simple steps to help mitigate these risks.
FAQs
Ready to Take the Next Step?
We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.