Information Security Defeated by Bagel Day

Your company spends hundreds of thousands of dollars each year on new or upgraded information security systems and software to combat a data breach. Technical teams spend their entire careers staying one step ahead of the hackers to ensure information security in your organization. Yet it all comes down to one bagel.

One Monday morning, a guy parks next to you and walks to the building with you. He has a bag over his shoulder, a bag of bagels in each hand and a security badge on his belt. You get to the door and badge in. What happens next? In most cases, you hold the door and invite him in, hoping the new guy will offer you a bagel. You hate Monday mornings. Oh…and your company just suffered the beginning of a massive data breach. You were the victim of social engineering.

Physical security is one of the three primary control families used to protect against a data breach. Take extra care to make everyone in your party badge in when you enter a building. I know it feels weird. In today’s world, though, it is one of the only ways to stop targeted attacks. Social engineering is a common occurrence in the data breach landscape we face today. If you take information security seriously, you should also take physical security seriously.

Nate Freidhoff