21 November 2018

How Important It Is to Have a Background Check

There's a new guy working in your office. You haven't seen him around before and he keeps switching desks, using those of people who are out of the office or work different shifts. He has a nice smile and seems really friendly. You guess he works in IT because he always has a laptop and fiddles with people's desktop PCs quite a bit, but you haven't spoken to him directly yet.

As time goes by you work out he's a bit of a charmer. He has a way with people, makes them feel comfortable with him around and some of the ladies in the office have taken quite a shine to him. He's witty, amusing and likes to bring in biscuits or doughnuts for everyone.

Eventually, you find out his name is Tim and he is something to do with IT - you were right! You pluck up the courage to chat to him, and he tells you about his family, his wife and kids, his favorite sport and the team he supports. You get to chat about common interests; he's a really nice bloke and can talk well about almost any topic - not your typical IT geek then.

The following Monday you see no sign of Tim, but you think nothing of it. He's probably off today or working at another company’s site.

By Wednesday, you have realized he must be off on holiday - you hope he's not ill or anything, especially that lovely wife of his.

The next Monday morning arrives and still no Tim. You don't worry too much because your PC is playing up and you can't log in to the network.

After logging a call with the Helpdesk, you notice that there seem to be a lot of senior managers and directors in various meetings, all looking very serious. Oh god, not more redundancies. So you knuckle down and look busy - as much as you can without your computer, putting the lack of Tim to the back of your mind.

When you turn up on Tuesday morning you see that everyone is being taken into a room with some gentlemen in suits - you were right, it is more redundancies. Your turn to go in the room comes and you enter the room with anxiety.

The rather stern-looking gentleman in front of you says, "My name is Detective Sergeant John Doe. What can you tell me about someone working here recently called Tim... ?"

And that's when you find out that Tim didn't work in IT, he didn't actually work for your company or a supplier. In fact, it's very doubtful his name was even Tim.

You also find out that your company's computer systems are offline because they have been infected with a virus which has deleted all your corporate data, but not, the police suspect, before "Tim" took copies of all your essential information - personnel records, bank account & credit card details, sensitive customer records, financial data, etc. "Tim" and whoever he worked for now know more about your company, its employees, suppliers, and customers than your company does!

That's all because you, your colleagues and managers didn't check who "Tim" was, didn't make sure he had the permission and the authority to be where he was, doing what he was doing. Your company has just been the victim of a social engineering scam. "Tim" had essentially conned his way into your company and planted key-loggers on people's PCs to collect their user IDs and passwords. He had then connected his laptop to your corporate network and hacked into various systems, using the credentials he'd collected, to steal all your vital business data. At the end of this, he had uploaded his virus to the network, ensuring you didn't have access to your systems for at least a few days.

Now imagine if there was no virus, no tell-tale to let your IT people know something was wrong. Would you even know this had happened?
