In a recent incident reported in U.S. News, an office secretary unknowingly gave some of her law firm’s most private data to a gentleman who had bought a Comcast Cable polo shirt off eBay. Dressed in khakis with a tool belt, he told the secretary he was there to audit the firm’s cable modem specifications and take pictures of the install for quality assurance.
She had no reason to suspect that he was part of a now-extinct hacker ring. The ring would gain access to a business’s private network by going inside the office and noting the configuration details and passwords for firewalls and cable modems. In some cases, the hackers actually built a secure, private VPN backdoor, which they later used to steal data.
If someone dressed up in a utility provider’s uniform, would you let them in?
Ask for identification. Ask who the supposed representative spoke with about the service to be performed. And be gracefully suspicious, as they say in the South. Conform to company policies about allowing visitors in the building, if such policies exist. If they don’t exist, work to define them.
And get help from security professionals, if needed. This is a real problem your office needs to address.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.