Information is a vital asset needed by many organizations to function effectively. However, this asset can easily be compromised thus its protection is crucial to the efficacy of an organization. A common information security breach used is social engineering. Social engineering is the use of manipulative and deceptive techniques against the inherent nature of human beings to access sensitive and confidential information to achieve an illicit action or omission of action. Through a qualitative inquiry, this article investigated the perceptions of employees concerning social engineering in the workplace to extract practical lessons from local businesses located in Gauteng Province, South Africa.The findings confirm that human beings should be at the forefront of defense against social engineering attacks and advocates for a multi-inter-trans-disciplinary social engineering protection model to practically assist organizations in developing a healthy and effective information security culture.