One propped open door to a smoking area can be a huge security risk for a company otherwise focused on battening down the network hatches.
Smoking isn't just bad for your health, it seems that it's also bad for company security, according to a new study.
With companies banning smoking inside their offices, smokers are forced outside -- usually to specific smoking areas in the back of the building. The doors leading out to them are a major security hole, according to a social engineering study undertaken by NTA Monitor Ltd. a U.K.-based Internet security tester.
NTA's tester was able to easily get inside a corporate building through a back door that was left open so smokers could easily and quickly get out and then back in to work, according to the company. Once inside, the tester asked an employee to take him to a meeting room, claiming that the IT department had sent him. Even without a pass, he reportedly gained access unchallenged and was then able to connect his laptop to the company's VoIP network.
"It used to be that companies 'left the back door open' in terms of Internet security," said Roy Hills, technical director at NTA Monitor, in a written statement. "Now, they are literally leaving their buildings open to accommodate smokers. We are experiencing a surge in demand for social engineering tests as hackers are turning to social techniques to infiltrate corporate networks. This latest social engineering test has proved that once inside a corporate building, an attacker can use social methods on employees to gain access to restricted areas and information if a rigid staff pass system is not in place."
Social engineering, in this sense, refers to con artists or hackers bypassing computer security by manipulating people to disregard normal security rules.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.