As if security staffs don't have enough to worry about, this Processor story delineates mundane devices and connectivity points in a modern office that, if left unattended, can cause big headaches.
Take copiers, for instance. The story points out these omnipresent devices have evolved from simple machines that only did what the name suggests -- make copies -- to complex affairs that have IP addresses and are eminently hackable. The problem is that security around copying machines is woefully lax. Indeed, the story says that it's conceivable for a clever hacker to get access to everything that's ever been copied on the machine, since it all lives on in memory. To make matters worse, vendors often build in ill-protected back doors in order to make repairs easier.
Voice mail systems and unprotected network jacks -- especially those in common areas such as cafeterias and lounges -- are other vulnerabilities to which people simply don't pay enough attention.
We are not fear mongers. But it's increasingly clear that internal threats are greater than those from the outside, and these are real dangers that should be addressed. The dangers posed by portable storage devices are good examples.
IT departments should make a special effort to think about these problems. Human nature is such that once procedures are established and habits formed, only the rare person would suddenly stop and sense that a stealth problem exists. For this reason, IT should periodically sit down and brainstorm these mundane but real threats. It's also important to recognize that the line between electronic and physical security is fading.