There are many factors that make companies vulnerable to attacks. A few factors are mentioned as follows:
1- Insufficient Security Training: it is the minimum responsibility of any organization to educate their employees about various security aspects including threats of social engineering in order to reduce its impact on companies. Unless they have the knowledge of social engineering tricks and their impact, they don't even know even if they have been targeted and. Therefore, it is advisable that every company must educate or train its employees about social engineering and its threats.
2- Lack of Security Policies: Security standard should be increased drastically by companies to bring awareness to employees. Take extreme measures related to every possible security threat or vulnerability. A few measures such as a password change policy, access privileges, unique user identification, centralized security, and so on can be beneficial. You should also implement an information sharing policy.
3- Easy Access of Information: For every company, one of the main assets is its database. Every company must protect it by providing strong security. It is to be kept in view that easy access of confidential information should be avoided. Employees have to be restricted to the information to some extent. Key persons of the company who have access to the sensitive data should be highly trained and proper surveillance has to be maintained.
4- Several Organizational Units: it is easy for an attacker to grab information about various organizational units that is mentioned on the INTERNET for advertisement or promotional purposes.