Each one of us has been guilty of the most common security violation known to mankind - allowing someone to piggy-back behind us after we authenticate to a space with our credentials. OR, we are the ones who piggy-back behind someone else, and in return we give them a wave, smile or nod. Not only does this potentially harm our security posture, but it also affects accountability.
Previously, I worked at a large defense contractor for 11 years. Everyone knew everyone, and there was very little new blood coming into the organization. So after a while, everyone just held the door for each other. We did have visitors (cleaners, vendors, inspectors, etc.), and for those people we required them to sign in and be escorted through.
Even the security lady allowed piggy-backing, because she could personally verify the clearance and need to know of each person who walked in. So the question begs - does it make it right? Well, in those 11 years of working there we never had someone without the proper clearance enter the facilities. We never had any issue with someone without the need to know or a disgruntled employee enter and extract data or harm people in the room. Never.
So in a situation where the working population is small and everyone knows each other, there is obviously less risk. But there is always risk. I now work at a military base where there are thousands of people that I don't know. So around here it is something we may pay mind to, but not always. Yes, for those super secret areas it is very much enforced. But for more common areas which are still restricted, as long as you look like an employee and flash a smile, you'll get right in. BUT, this is also because you were able to get on base, which requires positive ID verification by the Military Police.
When I started this article I really thought I was going to come to a groundbreaking self-discovery of why we need to more strictly enforce the piggy-backing rule. But it's one of those things where if you see it happen every day, and you never see a violation occur, why continue to enforce it? I've worked in a top secret environment for 20 years and I've never had anyone piggyback who ended up being a bad guy. Or at least, that I'm aware of. And right there, that's the problem.
We don't know what we don't know. So in this case, I hate to sound like an old fuddy-duddy, but perhaps... better safe than sorry.