According to an article in The Times, in 2018, three coffee shops were opening every day!
So it’s no surprise that in crowded cities and towns, more ‘business’ is now being done outside the office, in nearby coffee shops.
However, business meetings in public places can attract unwanted attention, and it’s amazing how much information can be leaked while colleagues enjoy a coffee.
Targeted Cyber Attacks Don’t Always Start Online
Generally people pass through public places and think no further on the information they may have overheard.
However, if your organisation is being targeted, these kinds of public meetings are an easy way in.
Organisations often warn staff about Spear-Phishing Attacks, and consider these a technological problem, but this attack vector is not limited to email.
Just like a neighbourhood burglar, criminals can take time to understand employee routines and identify weaknesses that they can later exploit.
It’s Easy to Find People These Days: Social Engineering Attack Vector
By cross referencing corporate websites, LinkedIn, Facebook and other sources, it is often easy to trace someone’s Digital Footprints using just an overheard name & town of work.
But, add to that an organisation’s name from a lanyard or a job title from an ID badge, and finding someone online becomes simple.
This kind of data leakage exposes the organisation to both physical social engineering attacks and highly-convincing technological phishing attacks.
Enforce Mobile Working Policies
Organisations should enforce mobile working policies that not only protect information on devices but also manage the behaviour of staff when they are outside the organisation’s secure boundaries.
Coffee shops, communal areas of a CoWorking space and public transport all increase the risks of data leakage.
Regular training and awareness for staff will help create a security culture to manage the risks.
Contact Assent Risk Management for help with information security risk management and training solutions.