There is an article in the Summer 2016 issue of Security Smart about a security consultant who was hired to infiltrate a company's buildings and networks in order to assess the effectiveness of its security procedures.

He walked in off the street and told the receptionist at the front desk that a ticket had been put in, and asked whether she had received an email notification that he would be there to do some migration work on the network. The undercover security consultant then asked her to log out and let him sit down at her desk. He plugged in a key logger, a small device that covertly records every key struck on the keyboard.

Then he asked her to log back in so that he could open a command prompt and test connectivity. She did, and the key logger recorded her password. He told her that because he would have to ask her to do this a few more times, he would prefer that she write her password down, and slid a Post-it pad and a pen over to her as if this were routine. She wrote down her password and slid it back to him while he clicked around, gaining access to network shares and several systems on the network.

The undercover security consultant asked her whether she ever worked from home, and she said that she could never get the VPN to connect. He told her that if she could show him how she was supposed to connect to the network remotely, he could try to reset some things for her while he was there. She did, and before long he had another gigabyte of data, domain credentials, an encryption key, and a walkthrough of how to connect to the VPN.

The article's advice: "Don't be gullible. Always double-check an outsider's story, especially when that person is claiming to need access to company equipment or sensitive information. It's perfectly OK to take a minute to call and verify someone's story and/or credentials, whether the person appears legitimate and sympathetic, or impatient and inconvenienced. And never, ever write down your passwords."

  1. Kit Luclucan September 7, 2016 at 1:12 am

    Nice article. Today you really have to stay vigilant at all times, especially since you can never know when bad things could happen. All companies should consider putting cameras in, especially in the front desk section, for documentation purposes when something suspicious happens, just in case. Also, they should invest in putting in a biometric system for added security. Most virtual offices or serviced offices have this type of technology, and it is really useful for keeping track of the people entering and leaving the premises of the building.

