A secretary unknowingly gave a con artist access to her law firm's server room when a total stranger showed up in a Comcast cable t-shirt and said he was there to audit their cable modem. The guy, part of a now-extinct criminal ring, had bought the shirt off of eBay. He then used it to gain access to several businesses by going inside the office and noting the configuration details and passwords of their firewalls and cable modems. In some cases, they actually built a secure VPN private backdoor they later used to steal data.

If someone dressed in a utility provider uniform showed up at your office, would you let them in? Everyone assumes that hacking is performed by a guy in a hoodie working from some undisclosed basement in Russia or Iran. But that's not always the case.

When someone shows up at your office for anything, train your team to ask for ID. Ask who in your organization they've spoken to about the service they're performing and be gracefully suspicious, as some might say in the South. Now, I wouldn't say that, but some might. If the person requesting access to your server room or computers provides an ID, that's not enough. Look up the phone number for the organization they say they're from and contact them directly. Do not use the phone number on the ID card or a phone number provided by the person that's on site.

Please follow company policies about how visitors are allowed in the building, if those policies exist. If those kinds of policies don't exist, you really need to work to define them.