Chances are you’ve helped someone get into a building without verifying whether or not they should be allowed in, or even asking if they had a legitimate reason for being there.
It might have been at a hotel, or the building in which you work, or a building where you had a meeting. In all likelihood, the person did have legitimate access. But maybe not. You never know.
If employees are lax about keeping their access badges on them, security can become lax about verifying identities before buzzing people in. Sure, they see these people day in and day out. They know them. Or do they?
Recently terminated employees make great targets for social engineering practitioners. Security may not know that a person has been let go; usually, it is only when someone is fired for cause and escorted out of the building that security is aware. But even a normally well-regarded employee who is laid off or resigned could pose a security threat, especially if the security desk is unaware of who they are.
That’s one of the many reasons security awareness training is so important.
Maintain the highest level of security.
Creating a culture of security awareness is an ongoing process that continues well after your most recent security awareness training effort. Constant vigilance is necessary. It may seem extreme, but making it an organizational habit, a norm that everyone adheres to, is absolutely necessary to maintain the highest level of security at all times.
The greatest asset of any organization is its people, but people are also an organization’s biggest weakness when it comes to security risk. Having the latest and greatest security tech won’t help an organization much if its people aren’t an active part of the solution. Remember, all it takes is one person to open the door when someone without a badge asks, Can you buzz me in?
Watch this short video to learn more about security awareness best practices: