The Connection Magazine AIM MUTUAL Summer 2022 | Page 7

poses some unique challenges. How do you identify a seemingly innocent visitor or a delivery person as being a malicious hacker whose intent is to gain access to your secure data?
The key is knowing and recognizing common tailgating strategies when you see them. Tailgaters will often pretend to be someone who seems to have a legitimate need to enter the building such as a new employee, a delivery driver carrying a large package, or even a known vendor.
AWARD-WINNING PERFORMANCE
Keep in mind that cybercriminals are great actors. Consider this actual case that happened at a large manufacturing company in Massachusetts. The company shared its close call publicly and internally, crediting an employee for his quick thinking and action.
An employee was outdoors heading toward the cafeteria entrance. He noticed another man — wearing an obscured access badge — lingering outside and talking on a cell phone. The employee “badged in” through the first set of doors leading to the cafeteria, surprised to find the man had followed right behind.
In a pleasant, offhand manner, the man joked, “I hope it’s okay I’m coming in with you” and then followed the employee into the cafeteria. The man went on to casually look at his phone and aimlessly walk around. Something didn’t seem right, so the employee asked the man to “badge in” himself. He agreed and together they approached Security. The tailgater said he was there for a meeting, provided a fictitious name, and claimed he left his own badge in the car. He was escorted out of the building, got into his car, and drove away.
Confronting someone in a situation like this might feel uncomfortable, but the message to your employees is clear: don’t let that stop you. Give employees a short script. One option is to say that it is company policy to not let anyone in without their own badge and offer to get someone who can help, ideally a supervisor or manager.
STAYING VIGILANT
Additionally, you can help prevent unauthorized access to company equipment by reminding employees to lock their computer whenever they leave their desk, sign up for multifactor authentication (when possible), create strong passwords, and never insert a flash or USB drive without being sure of its contents. If an employee sees someone they don’t recognize sitting at a coworker’s computer or moving through the building, they need to understand the urgency in reporting it to a supervisor.
A.I.M. Mutual has numerous defense measures already in place to secure its facility from this sort of attack. This includes, among other things, an employee badge system, a visitor access protocol, security cameras at all entry points and throughout the parking lot, and other security measures not apparent to the public.
Social engineering methods are constantly evolving, and to protect ourselves, we must evolve along with them. By educating ourselves and staying vigilant, we can all do our part in protecting data, customers, fellow employees, and our organizations.
MITCH MELEEDY is a Systems Analyst for A.I.M. Mutual Insurance Companies. He holds a Bachelor of Science degree in Business Administration from Merrimack College and is pursuing a master’s degree in business analytics at the University of New Hampshire.
BRIANNA GENTILE is the Office Services Supervisor for A.I.M. Mutual Insurance Companies. She joined A.I.M. Mutual in 2017 as a Medical Only Representative and became a Claim Adjuster before assuming a supervisory role in Office Services. She has prior experience as a certified medical assistant as well as a histotechnologist.