Industrial espionage and organised crime are a real threat, but most surveys show that the more significant risk is from inside the organisation. An employee can often see far more corporate information on the head office network than anyone realises. If hacking were to be defined as “attempting to gain unauthorised access to sensitive information”, then most organisations have several hackers on their staff.
Disgruntled employees (and ex-employees) present a very serious threat to business through access to critical data and personal information. Suppose an employee, with just a little Internet research, discovers how to read everyone’s e-mails or even send mails as if they were the CEO …
Removing and studying the contents of bins marked “For Shredding” or “For Recycling” proves very interesting too, as a source for passwords, network diagrams and personnel information. Shoulder surfing - looking over someone’s shoulder to see door entry codes, their password, information on their screen or what they are writing - is also extremely successful. Sometimes the simplest techniques are the most successful and often do not involve any technology at all.
Another successful technique involves using one of the oldest and slowest methods of communication – the postal service (snail mail). It is easy and inexpensive to set up a PO box, providing an ideal way to hide and fake a business. Of course, snail mail has no content security, so there are no technical controls to bypass! People are more likely to respond to a survey they receive in the post, since it appears much more legitimate when printed on paper. If a stamped, addressed envelope is included, then there is little effort or cost on their part. Of course, you offer cash or other prizes for completed and returned surveys.
This blog post is an excerpt of an opinion piece called “Identity Theft in The Corporate World” written by Peter Wood from First Base Technologies. You can find more about this security outfit at http://www.fbtechies.co.uk