After receiving a threat online, a customer wanted to know if they needed to step up their security measures, so we agreed to conduct penetration testing at their UK Head Office. They had CCTV and robust access control on all doors, but they were still concerned if this was enough.
One morning one of our staff members stood on the steps to the building with her mobile phone and bag of sweets in one hand, handbag and parcel in the other. She waited until she saw an individual with the corporate colour lanyard walking towards the building before talking her way inside.
Our staff member managed to talk her way into every section of the building, leaving her parcel – which could easily have been a listening device – in one of the meeting rooms, her bag of sweets on the Vice President’s desk and having a cup of tea with the President of the company, before writing a note to her contact there, popping it on her desk and leaving. The parcel was still there a week later…! The security measures were robust – but the culture needed a dramatic change.
We saved the company thousands of pounds in upgrades by showing them where they needed to improve.