Physical Access Social Engineering is the process of exploiting the human element of your organisations attack surface in an attempt to gain physical access to your organisations premises.


Social Engineering is not always a targeted and planned out attack but can often be a crime of opportunity which leads to the access and theft of sensitive company information or assets.

There are two main reasons for undergoing any Social Engineering Assessment:

  • To review the physical security of your company’s premises
  • To review your staffs responsiveness to unknown individuals operating within the workplace.

Each of these can play a critical part in the overall security of your organisation and can require regular testing to ensure your staff are adhering to security policies and procedures.

As part of our approach, our Penetration Testers use a number of both interactive and non-interactive techniques to gain access to your company premises and attempt to establish access to the network and sensitive business information, both physical and digital.

Our extensive reports provide a comprehensive breakdown of the methods of access used, each action carried out and the remediation advice, both physical and policy based, to prevent any further breaches of your organisation.

A Social Engineering Physical Access Assessment and report will allow your business to:

  • Receive assurance around your organisations physical security posture.
  • Test the overall responsiveness of your staff to unknown individuals operating within the workspace.
  • Directly measure staff compliance against internal policies and procedures
  • Adhere to regulatory bodies who require Physical Access Testing be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. Why do I need a Social Engineering Assessment?

All of the defensive measures that are taken to protect your company assets may be thwarted by an individual who can simply walk into your building.

Threats such as these are not always a targeted attack but can often be a crime of opportunity which leads to the access and theft of sensitive company information or assets.

Securing your physical premises, ensuring staff are well trained and know how to respond to an unknown individual should therefore be an important consideration for any organisation when considering their security policies and procedures.

2. Which physical locations Should I have tested?

Maintaining a secure head office is important, however it is important to consider each of your physical premises. The security of one location could be easily bypassed if your smaller branches all access the same internal resources and do not enforce the same levels of security or staff awareness training.

As part of the assessment process we can discuss your potential risks and concerns to plan an approach to testing your physical locations which works for you.

3. What will I receive after the test has been completed?

The deliverable from a Social Engineering Assessment is a full report, detailing and contextualising each identified vulnerability against the business, relaying the risks and providing specific remediation advice.