Smokers Open The Door For Hackers ... Literally
One propped open door to a smoking area can be a huge security risk for a company otherwise focused on battening down the network hatches.
Smoking isn't just bad for your health; it seems that it's also bad for company security, according to a new study.
With companies banning smoking inside their offices, smokers are forced outside -- usually to specific smoking areas in the back of the building. The doors leading out to them are a major security hole, according to a social engineering study undertaken by NTA Monitor Ltd., a U.K.-based Internet security tester.
NTA's tester was able to easily get inside a corporate building through a back door that was left open so smokers could easily and quickly get out and then back in to work, according to the company. Once inside, the tester asked an employee to take him to a meeting room, claiming that the IT department had sent him. Even without a pass, he reportedly gained access unchallenged and was then able to connect his laptop to the company's VoIP network.
"It used to be that companies 'left the back door open' in terms of Internet security," said Roy Hills, technical director at NTA Monitor, in a written statement. "Now, they are literally leaving their buildings open to accommodate smokers. We are experiencing a surge in demand for social engineering tests as hackers are turning to social techniques to infiltrate corporate networks. This latest social engineering test has proved that once inside a corporate building, an attacker can use social methods on employees to gain access to restricted areas and information if a rigid staff pass system is not in place."
Social engineering, in this sense, refers to con artists or hackers bypassing computer security by manipulating people to disregard normal security rules.