Interviewers want to know that you can be discreet in handling sensitive information. They will pose scenarios that will test your ability to gather information without revealing private details.
PII is personal data that can identify an individual. It can be directly collected from the person to whom it pertains or indirectly gathered by third parties.
Social Engineering
Attackers use social engineering to get confidential information such as passwords, credit card and bank account numbers, or to gain access to protected systems or networks. Attackers also use this technique to exploit security weaknesses uncovered during reconnaissance. For example, if a social engineer finds that an employee uses the same password for their personal and work accounts, the attacker can use this information to infiltrate the organization system and steal sensitive information or execute malware attacks.
In addition to using physical tactics, social engineers can also impersonate trusted individuals and send email or text messages containing hidden malware files. Talented scammers can make these attachments appear very similar to real documents or even be indistinguishable from emails sent by a friend or colleague. This is known as water holing. Attackers can also install Trojan software in a user’s computer. Trojans are a type of malware that mimics legitimate software but contains destructive payloads.
To protect against social engineering, users can implement cybersecurity technologies such as spam filters and secure email gateways. Keeping operating systems updated with the latest patches helps to close some of the vulnerabilities attackers exploit through social engineering. Providing employees with training on security protocols and conducting regular tests to ensure they understand these protocols is also critical. In the case of enterprises, implementing a virtual private network is another way to provide a layer of protection. The VPN encrypts communications, making it difficult for attackers to eavesdrop on data.
Observation
The process of carefully watching a situation or group of people is known as observation. Skilled observers can be unobtrusive and ‘fade into the background’ when needed, making it possible to collect information without being noticed. Observation can be used to gather information on many levels, including context, relationships and behaviour. It can also be used to generate new ideas and provide insight into other types of data collection, such as surveys. It can be time consuming and takes longer than other data collection methods. It can also be difficult to verify, as it relies on people’s honesty and awareness. It can also be biased and may not capture the full picture. Nevertheless, it can be useful in generating valuable and valid data. It is a great method for gathering personal information discreetly.