| Area of Risk | Hacker Tactic | Combat Strategy |
|---|---|---|
| Phone (Help Desk) | Impersonation and persuasion | Train employees/help desk to never give out passwords or other confidential info by phone |
| Building entrance | Unauthorized physical access | Tight badge security, employee training, and security officers present |
| Office | Shoulder surfing | Don’t type in passwords with anyone else present (or if you must, do it quickly!) |
| Phone (Help Desk) | Impersonation on help desk calls | All employees should be assigned a PIN specific to help desk support |
| Office | Wandering through halls looking for open offices | Require all guests to be escorted |
| Mail room | Insertion of forged memos | Lock & monitor mail room |
| Machine room/Phone closet | Attempting to gain access, remove equipment, and/or attach a protocol analyzer to grab confidential data | Keep phone closets, server rooms, etc. locked at all times and keep updated inventory on equipment |
| Phone & PBX | Stealing phone toll access | Control overseas & long-distance calls, trace calls, refuse transfers |
| Dumpsters | Dumpster diving | Keep all trash in secured, monitored areas, shred important data, erase magnetic media |
| Intranet-Internet | Creation & insertion of mock software on intranet or internet to snarf passwords | Continual awareness of system and network changes, training on password use |
| Office | Stealing sensitive documents | Mark documents as confidential & require those documents to be locked |
| General-Psychological | Impersonation & persuasion | Keep employees on their toes through continued awareness and training programs |