Think loud! Can the regular delivery boy at your office launch a malware?

Most companies employ strict security practices when it comes to the security of their office and infrastructure. There are security guards to monitor the entry and exit, surveillance cameras in place for 360° view and system administrators to keep a check on the security of systems and networks.

While most of the efforts are concentrated towards securing the bigger picture, what companies ignore and simply fail to consider are the smaller instances that can actually create significant loopholes in their security system.

Here’s a possible situation for you to consider…

You have a delivery boy who has been delivering parcels to your company for quite some time. Apparently, this boy is quite familiar with the entry points of your company and has already befriended people he regularly meets at the office reception. He is also well aware of the placement of cameras outside your office premises and at the reception area.

One fine day he visits your office as usual to deliver a parcel and he realizes that the battery of his smartphone is about to get discharged. He pulls out a USB cord from his pocket and very casually, asks someone at the reception area to let him charge his phone using their laptop. The unsuspecting person allows him to connect the USB cord to his laptop, owing to the fact that he has known the boy for quite some time being a regular at the office.

While the delivery boy plays around with the laptop trying to connect his USB cord, he engages the person in small talks. Totally unaware of the boy’s ulterior motives, the receptionist is distracted while the boy is quick enough to launch a malware/virus into the system. The boy is done with charging soon and leaves, only to be never seen again!!

On the flip side, the network administrator detects some unusual activities in the office network and immediately starts investigating the issue. He is surprised to detect that their office network has been infected by some malware that is corrupting all their database. Upon further investigation, he’s able to track down the source of infection and guess what???

The source of malware attack was none other than the laptop of the receptionist who had unsuspiciously allowed the delivery boy to plug-in his USB cord to his laptop. Apparently, the laptop was connected to the office network and it was a child’ play for the delivery boy to infect the complete office network with one smart act!!

Though this is a hypothetical situation, the chances of such a thing happening for real are quite high. It might be too late before you realize that something like this has happened and there is no way you will be able to track the hacker.

Thus, while you invest your time and money in implementing bigger security systems in your organization, it is equally important that you take care of minor entry points also, to avoid any major disasters.

Here are few security practices that you can implement in general in your organization:

  • Every system connected/having access to the corporate network, should have a robust antivirus like Quick Heal Total Security or Seqrite suite of Enterprise Security Solutions installed on it.
  • In general, USB access should be completely disabled on all machines (for both insiders and outsiders). This will reduce the attack surface.
  • The corporate network should be designed with micro-segmentation. For Eg. The receptionist’s laptop/machine should never have any direct access to the critical infrastructure like internal servers or databases.
  • All the staff in the company should be trained on Best practices around information security.
Sushmita Kalashikar

Sushmita Kalashikar


3 Comments

Your email address will not be published.

CAPTCHA Image

  1. A very informative article.

    Thank you Sushmitaji.

    Reply
  2. Avatar Peter NdukubaNovember 17, 2019 at 1:21 AM

    Thank you very much for the information.

    Reply
  3. Avatar Monoj MohantyNovember 24, 2019 at 12:17 AM

    This is an excellent well written article should be implemented by all Corporate, SME, Schools, Colleges & Institutions that never suspect that such a thing can ever happen. “Prevention is better that cure.”

    Reply