The Savvy Technologist

Social engineering still works

Bruce Schneier blogged today about a recent CNN story describing how Treasury Department inspectors posing as computer technicians were able to convince 35 out of 100 IRS employees to divulge their network login and password. This is yet another data point that points to employees as the primary weak link in most company or school security systems.

Even though divulging passwords in expressly prohibited by IRS rules, some of the employees who gave up the goods did so because they wanted to be as helpful as possible to the IT staff. If you are currently considering the purchase of some new high-tech security system, put down the checkbook until you’ve done some serious training with your employees.