Physical IT Risk from Malicious Contractors
We often pose the question on our blogs about how secure a business computer system really is in regard to cyber attacks. We offer suggestions and tips on how to shore up networks from malware, hacking, ransomware, and other malicious methods used to infiltrate personal and sensitive data from a company’s system. Today, we are examining a new risk that seems to be growing in frequency - criminals gaining physical access, instead of cyber, access to IT infrastructure.
According to InfoSecurityGroup, an online security forum, a recent cyber crime report shows that organized crime groups, such as gangs, are attempting to physically access IT infrastructure with the goal of stealing and using sensitive data.
This information was a topic of the recently held SINET Global Cybersecurity Innovation Summit. Experts explained that companies should not just be looking at cyber vectors when planning security but physical vectors as well.
How Does the Infiltration Work?
In order to target corporate IT databases, gangs are placing their members in outside contracting positions such as: after hour cleaning crews, painting companies, decorating firms, or any field that may offer after hours access to a corporate building.
Once a gang member has secured a job as one of these vendors, he may have unfettered access to data. Once the data has been accessed, it may be used to create false identities or perhaps used to obtain fake credit.
Things to Consider …
Think your company is immune to this type of crime? Ask yourself if the outside vendors or contractors have access to every room in your company. Have their employees been vetted in any way? Is the server room off limits for cleaning, painting, or to other outside contractors? Are laptops, desktops, and devices locked at the end of every business day? Are passwords physically maintained anywhere they can be accessed?
These are important questions to consider when trying to prevent organized criminals from infiltrating your data.
Prevention Is the Key
According to a UK Regional Cyber Crime Team, these organized crime groups that are placing “sleepers” in contracting companies are growing in number and tactics. Businesses need to take action before they become the next statistic in regards to lost data.
IT experts suggest taking several steps to ensure that your business is protecting itself in both cyber and physical security vectors. Here are a few things your business should be sure to include in the next IT security check.
Do you need a security evaluation? Talk to our team today at Spectra for more information about safeguarding your business.
- Conduct a basic penetration test that involves both physical and cyber-threat vectors.
- Create a vulnerabilities list that prioritizes the greatest areas of risk.
- Create a test of weak points and security flaws.
- Request that all contractors conduct several layers of vetting in order to be considered for work with your business.
- Train employees to spot discrepancies in security.
- Create a nightly security checklist that protects all physical and cyber assets.
Spectra Networks. Website designed and developed by Sperling Interactive.