Who Are You? Who, who? Who, who?
In our smallish office, we often take turns answering the phone that seems to ring, and ring, and ring, and—well, you get the point. Every once in awhile, the caller is requesting verification on information, such as our company’s address, e-mail addresses, employees’ job titles, etc. With us being a publishing company, these calls are mainly from public relations companies who are keeping their interns busy by updating the PR company’s contacts. Fair enough. But what happens when the day comes, when it’s not a PR intern calling? What happens when it’s someone with a not-so-innocent motive?
According to RavenEye, an information security consulting business, as many as 80 percent of corporate employees will disclose sensitive company or customer information to people they do not know over the telephone, and up to 33 percent will do the same via e-mail.
RavenEye’s president, Joseph Kirkpatrick, explained that trusted employees are the major source of confidential corporate information leaks, and most business leaders remain unaware that this is going on.
Kirkpatrick said that social engineers prey upon the human emotions of fear, trust, kindness and greed to trick others into sharing critical secret information. According to a study by market researchers at IDC, businesses will spend $45 billion worldwide on security technologies in 2006.
“Good security technology is available to companies, and they should have it in place,” Kirkpatrick said. “But the most serious threat comes from the human factor. Curiously, that is the part of the equation that businesses continue to pay little attention to.”
So the moral of this story? Watch out who you give our information to. I hate to give those PR interns a hard time, but they shouldn’t be surprised if the people they call start being a bit more cautious before spewing out company information.