LOCKNET IT Solutions

LOCKNET

How Safe is your Information?

September 10, 2008

The computers in your company’s offices store a lot of valuable information, and someone may be trying to steal that data right now.

That criminal could be some computer whiz, surrounded by high-tech equipment and trying to hack his way into your files from thousands of miles away.

Or it could be that friendly stranger who walked through your front doors a few minutes ago and talked his way past your receptionist.

Hey! Where did that guy go?

Businesses need protection form both exterior and interior information thieves, but the more dangerous enemy could well be that friendly stranger, according to officials with LOCKNET IT Solutions.

Thomas Ezdon, compliance director for LOCKNET’s La Crosse office, frequently is that friendly stranger.

Company managers, seeking to evaluate the vulnerability of their business system and information, often contact LOCKNET and ask for an assessment of their defenses. That can mean LOCKNET sends an undercover computer user and file thief sneaking into the company’s offices to see what he can get away with.

That is where Ezdon enters the picture, and the target offices.

“I’m rarely caught,” he said. “And even when I’m caught, I can almost always talk my way out of it. The bolder I am, the more likely it is that I will get away with the most outrageous demands.”

Ezdon said he does some Web research about the target company, memorizes the names of some of its managers and some basic information about the business, dresses like its employees do and hits the front door.

“I say hi to people, smile and interact a little,” Ezdon said. “I take advantage of human nature.” Dropping a manager’s name and some vague explanation of why he’s there often is sufficient to get him past the receptionist.

“Then Tom wanders around the business, brazenly entering offices, and he is almost never challenged,” according to Pete Griffith, executive director of LOCKNET, which has clients in 14 state, although most of its business is done in Wisconsin, Minnesota and Iowa.

Employees notice the stranger in their midst, “but they assume someone else gave him permission to be there,” Griffith said.

If he is challenged, Ezdon frequently claims to have permission to be there from someone in management. “About 99 percent of the time they don’t call that manager to confirm my story,” he added.

Once inside, Ezdon said, it usually is easy to find a computer and settle down in front of it. That can mean something as easy as locating an empty office. It often isn’t hard to guess the password that will allow him to break into the computer on the desk in the vacant office. Frequently the password can be found simply by flipping the keyboard and reading the note taped to the underside, Ezdon said. Glancing around the office and at pictures can yield the names of spouses, children, favorite pets, hobbies and interests. Any of those things might provide a clue to a password.

At other times he will simply tell an employee that he needs to check his e-mail and ask if he can use a computer.

“People have a tendency to be more trusting, especially here in the Midwest,” Griffith noted. Employees are trained to be courteous and helpful, and information thieves take advantage of those traits, he added.

Employees also tend to underrate the value of the data they possess, the LOCKNET officials said.

“You need to be aware of what information you have,” Ezdon warned. Studies have shown that at least 50 percent of identity theft frauds originated with information stolen form businesses or financial institutions, he said.

That means businesses need to protect their customers’ names, addresses, birthdates and Social Security numbers. That is important for customers, but it also is vital for businesses, because there are liability issues that could mean serious dollar losses for companies found guilty of not doing enough to protect their clients’ information.

Some of that fraud can be traced to a receptionist or unsuspecting telephone operator who gave out too much information, said Chuck Smith, security engineer with LOCKNET. Someone intent on criminal activity might call a receptionist and claim to be a repairman who needs some information n order to do his job.

“Front-end people are trained to be courteous,” Smith explained. “They ask, ‘How can I help?’ They also have a tendency to give too much information.”

Smith urged employees dealing with a stranger, whether in person of on the phone, to proceed with caution. “Challenge them,” he said. “Ask why they need that information. Ask them for credentials.”

“You can be very nice and still be secure” Griffith added. Customers should not be offended if they have to answer a couple of questions, he added. “Businesses should want to show a secure format. That assures customers and staff members that their information will be safe.”