There's a new guy working in your office. You haven't seen him around before and he keeps switching desks, using those of people who are out of the office, or work different shifts.
He has a nice smile and seems really friendly. You guess he works in IT because he always has a laptop and fiddles with peoples desktop PCs quite a bit, but you haven't spoken to him directly yet.
As time goes by you work out he's a bit of a charmer. He has a way with people, makes them feel comfortable with him around and some of the ladies in the office have taken quite a shine to him. He's witty, amusing and likes to bring in biscuits or doughnuts for everyone.
Eventually you find out his name is Tim and he is something to do with IT - you were right! You pluck up the courage to chat to him, and he tells you about his family, his wife and kids, his favourite sport and the team he supports. You get chatting about common interests; he's a really nice bloke and can talk well about almost any topic - not your typical IT geek then, phew!
The following Monday you see no sign of Tim, but you think nothing of it. He's probably off today or working at your other site.
By Wednesday, you have realised he must be off on holiday - you hope he's not ill or anything, especially that lovely wife of his.
The next Monday morning arrives and still no Tim. You don't worry too much because your PC is playing up and you can't log in to the network.
After logging a call with the Helpdesk, you notice that there seems to be a lot of senior managers and directors in various meetings, all looking very serious. Oh god, not more redundancies. So you knuckle down and look busy - as much as you can without your computer, putting the lack of Tim to the back of your mind.
When you turn up on Tuesday morning you see that everyone is being taken into a room with some gentlemen in suits - you were right, it is more redundancies. Your turn to go in the room comes and you enter with some trepidation.
The rather stern looking gentleman in front of you says, "My name is Detective Sargent Jim Gallows. What can you tell me about someone working here recently called Tim... ?"
And that's when you find out that Tim didn't work in IT, he didn't actually work for your company, or a supplier. In fact it's very doubtful his name was even Tim.
You also find out that your company computer systems are offline because they have been infected with a virus which has deleted all your corporate data, but not the police suspect, before "Tim" took copies of all your essential information - personnel records, bank account & credit card details, sensitive customer records, financial data, etc. "Tim" and whoever he worked for now knows more about your company, its employees, suppliers and customers than your company does!
That's all because you, your colleagues and managers didn't check who "Tim" was, didn't make sure he had the permission and the authority to be where he was, doing what he was doing.
Your company has just been the victim of a social engineering scam. "Tim" had essentially conned his way into your company, planted key-loggers on peoples PCs to collect their user Ids and passwords. He had then connected his laptop to your corporate network and hacked into various systems, using the credentials he'd collected, to steal all you vital business data. At the end of this he had uploaded his virus to the network, ensuring you didn't have access to your systems for at least a few days.
Now imagine if there was no virus, no tell-tale to let your IT people know something was wrong. Would you even know this had happened?
Lee Hezzlewood is the founder of Secure Thinking, a UK company providing specialist services in Data Protection and Cyber-Security. Get help setting up your Security Awareness Programme.
Article Source: https://EzineArticles.com/expert/Lee_Hez
Article Source: https://EzineArticles.com/expert/Lee_Hezzlewood/1360530
0 Comments
If you have any doubts, Please let me know