Building Access Security - Cover Your Assets

We're talking about building access security, and company assets.

Your work location may have physical security safeguards, but security measures work best when they are supported by employees. You can significantly reduce the vulnerability of the company, co-workers, customers, and yourself by complying with the following recommendations:

• Do not let others into the workplace with your badge or allow others to use your badge.
• Follow visitor registration and visitor escort requirements.
• Do not allow doors to be propped open, and report any inoperative access

control devices, such as card readers or security gates.
• Ensure that only authorized people are allowed into a secure area.
• Report conditions that may violate security to the appropriate Physical Security office or your manager.

You are not being discourteous when you ask to see someone's ID. You are assisting in the protection of employees as well as the company's and its customers' information. Those who are questioned should see the value in maintaining a secured environment.

Today, corporations also need to be concerned about a different kind of access vulnerability. "Social Engineering" is the phrase that refers to the various methods used to gain unauthorized access to corporate assets, such as computer networks and telephone systems. These pretenders are no ordinary computer hackers, working cloak and dagger. Instead, they work in the open, acting friendly and polite as they request information from you. The intruder may claim to be an employee who has lost his/her password and needs you to provide system access to help solve an urgent problem.

Others have posed as local telephone technicians who, under the pretext of testing the system, request that you transfer them to an outside line. The following information will help you recognize the characteristics of social engineering so that you don't become a victim:

• Telephone calls are the most common social engineering technique. They are quick and can be used to easily impersonate almost anyone.
• One of the most renowned hackers of all time did most of his work through social engineering, such as scamming telephone agents for access codes. Only 15 percent of his work was done on a computer.
• Beware of anyone requesting a password, account, personal information, or system access without proper authorization and identification.
• Male hackers often use "voice changers" to imitate females when requesting information over the telephone.
• Use your instincts and be observant. If you're unsure of a person's identity, do not give out any sensitive information. Request and verify information concerning their identity and call them back.

Remember, each one of us has a responsibility for safeguarding the information and equipment within our work environment.

It's our responsibility!