Why building security is also IT security – SCAM OF THE MONTH

Why building security is also IT security – SCAM OF THE MONTH

Felipe and Charlotte work together at a bustling financial firm. One Friday morning, Charlotte was running late. She was fumbling through her bag, looking for her key card but couldn’t find it. Just as Charlotte was about to give up, she saw Felipe scanning his card at the entrance. Charlotte called out to Felipe, and he held the door open for her. She thanked him and explained that she must have left her key card at home or in the car. Charlotte made it into the office just in time for her big meeting. The rest of the day went by like normal. She never found her key card but decided to figure it out the following week. Unfortunately, the key card had been taken from Charlotte’s unlocked car by a criminal. Later that night, the criminal was able to get into the office. Once they were in, the attacker used log-in credentials left on a sticky note at another employee’s desk and gained access to all the company files and employee information.

Did you spot the red flags?

  • Felipe let Charlotte “tailgate” by following him into the building without her own key card. This allowed Charlotte to forget about her missing key card instead of resolving the issue immediately.
  • Charlotte left her car unlocked and another employee left account credentials out for everyone to see. This allowed for company information to fall into the wrong hands.

What you should know about this scam

If you lose a key or any physical credential, notify your company immediately and follow the necessary steps to ensure physical security.

Keep workspaces clean to avoid misplacing important items or documents. Do not keep passwords on sticky notes or in visible places.

In addition to coworkers, tailgaters could be visitors or criminals. Criminals use our tendency to be polite and give people the benefit of the doubt to carry out their attacks. If you do not recognize someone who is trying to tailgate, direct them to the proper sign-in location, or depending on the circumstance, consider asking who or what they are looking for.