The concept of “speakeasy” security is one that I previously had not thought of. This chapter showed that in some cases if you can just find the phone number, or website you will have full access to whatever information you need. When certain phone numbers are not listed to the public, the person answering the call automatically assumes that you have proper clearance. It is this assuming that gets people into trouble. In one of my high school classes my teacher always used to say that when you assume you make an “ass out of you and me.” This play on words sounded funny to me at the time however it couldn’t be more truthful. If employees would not take shortcuts in doing their jobs and demand verification from everyone calling that particular number these attacks would be stopped.
The blame might not rest entirely on the employees shoulders. Perhaps management is too shortsighted to place the proper importance on security. If management is just stressing productivity, it could lead to situations like what was outlined in this chapter. It’s too easy for someone to stumble upon a “secret” phone number or something of the like. Security must be enforced no matter how mundane the process.
No comments:
Post a Comment