Wolf in the Henhouse: Keeping Your Employees Safe from Social Engineers

Imagine one morning you meet a charming stranger while getting coffee before work. An easygoing conversation ensues; it turns out they just started work at the same company in a different department. Almost embarrassed, they confess they’ve been having trouble finding the time machine kiosk on their floor, so they’ve been using the app. Happy to help, you tell them where it is and go on your way. Months, maybe even years later, a security breach is discovered. The conversation doesn’t even enter your mind; you’ve even seen them around work a couple of times and smiled and waved. What you don’t know is that you were just one piece in a system of infiltration known as “social engineering”.


What is social engineering?

The only way to protect against infiltration is to analyze your vulnerabilities. Employees are often the highest security risk, the human key to a web of confidential and sensitive information. Infiltrators use social engineering to gather surface-level information in order to gain access to more heavily-protected data. They accomplish this by engaging employees with an espionage tactic known as “elicitation”. One way to avoid falling prey to this tactic and others is to use security keys and other identifiers that cannot be imitated or elicited in conversation. While they may seem like something out of a spy flick, fingerprint time clocks and other forms of biometric confirmation can help a company beef up its security.

Where do biometric systems fit in?

Biometrics can be integrated into a process known as two-factor authentication. TFA often consists of a username/password and another piece of data only the employee can provide (e.g., pass-code). This is where cracks in security begin to show; employees have a slew of PINs and codes to remember. Randomly-generated codes are hard to remember, and user-generated codes are easy to guess (e.g., names, dates, addresses). A biometric time clock system eliminates the vulnerability exploited by the infiltrator in our example. Employees sometimes reuse codes used to access higher-security areas, hardware, and/or software when selecting a code for lower-security systems like time-keeping programs. Even when placed in “employee-only” areas, clock-in machines are often in close proximity to public areas where an infiltrator can easily observe employees signing in and out.  By choosing biometric systems, employees will never forget their fingerprints, and certainly aren’t so likely to give them out.
Allied Time has created and distributed a wide variety of time clock systems and business machines for more than 40 years. Browse their extensive selection, ranging from traditional punch clocks to innovative cloud-computing time-keeping systems by visiting their site at www.alliedtime.com/.