Doesn’t mean they aren’t out to get you, the old joke goes. If you think it doesn’t apply to your company, read this article NOW: Social Engineering: Anatomy of a Hack.
Does your company have a no-tailgating policy? If an employee at your company found a USB key in the cafeteria or the bathroom – what would they do? Unless you have epoxied all USB ports, make sure you are managing the risk. Employee education helps, but as Reagan said, “Trust, but verify.” This blog post will help: Managing USB Thumb Drives - Is Vista Better Than Epoxy?
Do you conduct regular sweeps for rogue WAPs? Are your employees who use wireless savvy enough to report an unknown WAP if they see one in their connect-dialogue box?
Oh my god....
From the first sentence of the article:
"As the founder of Lares, a Colorado-based security consultancy, social-engineering expert Chris Nickerson is often asked by clients to conduct penetration testing of their on-sight security"
Is this security you can see?