The Danger of Low-Tech Hacks

While a company or organization can have all of the technology in place protecting its most sensitive data, prying eyes may still be able to gain access, especially if employees aren't being as diligent as they should be. For instance, staffers can be quite easily fooled into divulging all sorts of data to outside callers posing as fellow workers.

"There's no patch for human stupidity," writes the author of a fascinating article on information security that appears on the Web site for the business and technology magazine, Fast Company.

Worker, Hack Thyself by Ryan Underwood seeks advice from a series of security experts on ways companies can tighten their defences against lapses in the human side of information security.

The story describes how easy it is for crooks to fake things like caller IDs so they appear to be legitimate insiders in an organization and then gain access to sensitive files.

"It doesn't take a great leap to imagine an overworked, soon-to-be-outsourced IT grunt running a Fortune 500 company's database in San Diego getting a call from someone at New York headquarters -- hey, the caller ID checks out -- asking him to shift some of the data to another server for a few hours," writes Underwood. "As it turns out, that server happens to belong to some teenager in desperate need of some fresh credit card numbers so he can score a new plasma screen TV. Or worse, it belongs to the company's fiercest competitor."

The article is available on the Fast Company Web site at: http://www.fastcompany.com/magazine/82/socialeng.html.