The Unplugged Threat

How hard is it to hack into an organization? In theory, it should be quite difficult. Most organizations implement robust cybersecurity controls and policies — the barriers that are designed to protect confidential information and prevent criminal hackers from breaching systems and networks. Hacking, however, doesn’t always require a computer, so those barriers only represent one side of the defensive layer. There’s also the non-technical side: the unplugged threat posed by people who use old-school techniques to physically gain unauthorized access.

Let’s explore what those threats entail and how you can prevent them.

Tailgating
Physical access to buildings and workplaces offers a lot of value to criminals. That’s why they might attempt to sneak in behind someone after that person unlocks a door — an attack known as tailgating. As unlikely as that scenario sounds, it remains a possibility and is a firm reminder to utilize situational awareness by ensuring entry points to protected areas are always secured.

Dumpster Diving
Don’t underestimate the willingness of data thieves, some of whom have no shame in digging through trash or recycle bins. Their hope is to find documents that contain confidential information or discarded smart devices where the data hasn’t been properly erased. Be sure to properly dispose of any physical documents or assets that contain sensitive data.

Piggybacking
It’s polite to hold doors open for people, but it could also be a potential security incident. A scammer might dress up as if they’re a member of an organization and claim they don’t yet have a badge, so they need you to open the door for them. They “piggyback” off your access. It’s not much different than giving someone else your username and password.

Shoulder Surfing
Imagine someone on an airplane reviewing documents that contain sensitive information. How easy would it be for anyone sitting near that person to see details like full names, financial information, and email addresses? This unfortunately common scenario highlights the importance of discretion. When in public, it’s best to avoid accessing or discussing anything confidential.

Some non-technical threats might seem unlikely, but don’t ignore them! Protecting information, assets, and (most importantly) people requires a commitment to security awareness both online and in real life.

Article retrieved from Non-Technical and Physical Security by The Security Awareness Company – KnowBe4, Inc. (2023)