11 Nov Forget Cybercrime — ‘Creepers’ Are An Old-School Threat To Your Business
If you devote all your business’ security resources to fending off hackers and other cybercriminals, you may be unlocking the door, literally, to more basic types of theft. ‘Creepers’ are criminals who gain access to offices or other physical facilities via unlocked doors and social engineering tactics. Once in, they steal proprietary information, inventory, computers, and personal property, or gather information that makes it easier to hack your network.
Creepers in action
A major energy company’s Houston office was infiltrated by a creeper who is believed to have stolen sensitive information, possibly to sell to a rival company or foreign government. Surveillance footage released by the FBI shows a man walking through an unlocked door in the middle of the night. He is wearing office-appropriate clothing and moves confidently, like an employee who has a right to be there.
A Washington D.C. creeper also looked like she belonged where she did not. She walked into many supposedly secure government offices by chatting with employees outside the office, then following them through the door. When questioned, she claimed she had left her badge at her desk.
In other cases, creepers use uniforms and props such as mops, toolboxes, and clipboards to suggest they are cleaners or that they work for building maintenance. They may wear stolen or forged ID badges, assuming that no one will examine them too closely.
To protect your business’ and its employees’ property, keep all doors locked, even during work hours. Issue keycards and photo-ID badges to workers and instruct them to be on the lookout for possible intruders. They should not automatically assume, for example, that someone wearing coveralls and carrying a ladder is authorized to be there. And they should not unlock the door for anyone — even if that person seems like an employee — unless they know for certain he or she is.
If workers are uncomfortable approaching a possible intruder, they should immediately report the person to your office manager, human resources director, or building security. The stranger in question may well be an authorized visitor, but it is better to be safe than sorry. Also ask employees to report the presence of former employees, who sometimes are recruited to carry out corporate espionage.
Even if you do not keep high-value inventory or electronics on the premises, install security cameras. It is also a good idea to instruct employees to lock up purses and wallets and to password-protect computers whenever they leave their workspaces — even if it is only for a few minutes.
Virtual vs. physical threats
Obviously, information technology security must remain a priority for all organizations. But do not let virtual threats blind you to the need to protect against physical ones. Contact us for help preventing fraud and other forms of theft.