Protection against 'social engineering'
An international telecoms company highlighted in May this year an emerging technique that is enabling criminals to bypass even the most hi-tech protection systems to steal confidential business information.
Research from Siemens Enterprise Communications has warned against the growing threat of 'social engineering', in which a criminal gains the confidence of people within the targeted business. According to Colin Greenlees, a security and counter-fraud consultant with the company, "The scary thing is that it's all simple stuff. It's just confidence, looking the part and basic trickery such as 'tailgating' people through swipe card operated doors."
In a week-long experiment, a Siemens employee used such techniques, not only to enter a FTSE-listed company's offices without being challenged by security guards, but even to base himself in a meeting room where he worked for several days, to access the company's data room, IT and telecoms network and to persuade 17 employees to give him their usernames and passwords.
While big business is the primary target for social engineering attacks, there are still lessons to be learned by smaller organisations, particularly those that use contractors and temporary staff. Ensure that all employees are prepared to challenge people they do not know, and that you are fully aware of who is entitled to be on your premises at all times.
Contact
Judith Ellery Head of Employment
Bethan Southcombe Solicitor
Related Issues
This article summarises the law on issues which we believe may be of interest to your business. It is not a comprehensive review of the subjects and accordingly is published without responsibility for loss occasioned to any person(s) acting or refraining from action as a result of information published. This document is provided for information only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.