Confidence tricks and a bit of employee deception are more than enough to help a crook waltz into your office and start swiping secret data, according to a new study by Siemens Enterprise Communications. A consultant from the IT firm managed to blag his way into the office of a FTSE-listed financial services firm and then hang around for a week, looking at confidential documents, persuading users to give up their passwords, and making friends with the security guards (who even let him bring extra people into the building). There's a man who's watched too many episodes of Hustle...
The scam was carried out by Siemens consultant Colin Greenlees, at the behest of the unnamed firm's IT director - who presumably didn't think security was up to much. And clearly he was right: Greenlees merrily waltzed into the lift on the ground floor, which was held open by none other than the company's MD, and then proceeded to base himself in a third floor meeting room for five days. From there he managed to get access to other parts of the building, see a highly market-sensitive merger document and persuade 17 people to hand over their passwords by calling up and pretending to be from IT. He also quickly deduced that the CCTV cameras on the ceiling weren't actually in use.
According to Siemens, it's just a matter of basic social engineering, i.e. manipulating people in social situations. So Greenlees would just follow people through security doors, or even carry two cups of coffee so people would open the door for him. It's not exactly rocket science, as he admits - 'The scary thing is that it’s all simple stuff... It’s just confidence, looking the part and basic trickery'. But it might be enough to render much of your expensive IT, data and building security measures all but useless.
Greenlees insists the bad guys won't be afraid to resort to such measures - particularly when people like him are so keen to demonstrate how gullible we all are, presumably. 'It’s important that senior executives understand how easy this is, but also how they can effectively counter the threat by actually practicing what they preach,' he says.
So next time you see someone waiting at the door with two cups of tea, contorting themselves in an effort to reach their swipe card, perhaps you should ignore your instinct to help and leave them to struggle...