SLAC Computer Security
Search SLAC
SLAC Home | Computing Home | Computing Outages | Help
Computer Security | Windows Security | Passwords | User Education | Policies

Cyber Security Awareness Month

These tips are part of a month long effort to distribute useful computer security information to the SLAC community.

Day 5 - Social Engineering and Dumpster Diving Awareness

Social engineering comes in many forms. The spam and the phishing emails we receive are the two most common and we know how to deal with those, right?  So let's talk about slightly more subtle methods.

Have you ever printed something and then forgot to go grab it off the printer? Try to avoid printing whenever possible.

When you see an unfamiliar person in your building, do you ask them who they are or who they are there to see? We need to be polite, but we also need to play a part in protecting SLAC's assets. Go ahead, ask them who they are and who they are looking for. Escort them.

If you find a USB drive laying around somewhere don't plug it into your computer! Take it to SCCS Helpdesk and ask them to pass it on to someone in Computer Security group.

Be skeptical when you are asked detailed questions about SLAC's computers. Refer them to your supervisor instead.

Finally, some "war stories" from SANS community:

  • Eric Mansfield, a local reporter went dumpster diving behind a BMV license bureau in Fairlawn, OH and pulled out a lot of documents with personal info (SSN, drivers license #s, addresses, etc).  When he confronted the supervisor (who turned out to be a nephew of one of the BMV directors), he blamed the customers.  Within a few weeks that particular bureau was closed down, the managers fired and they are re-evaluating whether or not to keep it open. http://www.wkyc.com/news/news_article.aspx?storyid=74589
  • In 2003, ninety per cent of office workers at a London station gave away their computer password for a cheap pen.  In 2004, 71% provided their password for a Marks & Spencer Easter Egg. http://www.theregister.co.uk/2004/04/20/password_surveys/
  • In 2006, a firm hired to assess security scattered USB drives outside of a credit union. Of the 20 USB drives planted, 15 were found by employees, plugged into company computers and able to gather confidential information. http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1

Owner: SLAC Computer Security
Page Created: 10/05/2007
Last Updated: 02/19/2008
Feedback: Please send to Computer Security Feedback