Playing with open cards

August 2, 2021

Every month around the 1st, social media is full of ‘new job’ postings – and I would like to begin by congratulating everyone, who is starting a new adventure. As a security specialist and advisor, I would also like to point out that there are ways to share new job adventures without breaching the security of your past or new employer. I am referring to the tendency to post pictures of ID cards.

In my line of business, one of the things we get involved with is testing how easy it is to breach security at a client’s physical site and/or IT systems. Here, the use of a random staff access card is a frequent tool.

You might think it is simply a picture of an access card that an outsider is not able to use physically. And you are right. What people like I do (with the blessing of my clients) is to use the design of the card to produce a personal card, gain access, tailgate after other employees and walk around a physical site, looking like I belong, obtain the information I need physically or use an open computer on a desk to gain access to the company’s IT systems. It really is that easy. Criminals know this, security professionals know this – and I am hoping that corporate directors and company boards will also be aware and focus on this now.

I feel it is my obligation to warn against this, knowing it might (I hope) be more difficult for me in the future to find company access cards open source on various ‘Job News postings’. I am flagging this to protect you, your people, assets, IT systems, IP, brand and market value.

Wishing everyone a happy, and safe, return or adventure in current and new workplaces,
Susanne Skov Diemer,