“Almost everyone has a weak link. It may not be something you are focusing on. It may be something you think is covered, but if it is there, it is likely to be exploited”, commented Alan Brill, senior managing director at Kroll Advisory Solutions.
For example, most voicemail systems use nothing more than a four-digit password for access. There have been recent voicemail system breaches, where unauthorized individuals were able to crack the password and gain access to the user’s voicemail, including private company information, according to Kroll’s 2012 Corporate Data Theft Hot Spots report. In some systems, successful hackers could listen to messages and reset the system to appear as though the messages had never been accessed.
“Voicemail systems have become so ubiquitous that they are under the radar. People forget that with the convergence of technology, everything is digital….The voicemail system is a specialized computer”, Brill told Infosecurity.
Also, phone and video conferencing systems are widely used in the corporate environment, yet most employees tend to use the same bridge number and access code repeatedly, particularly if the meeting occurs regularly, according to Kroll. This can leave conference calls vulnerable to access by unauthorized users, including former employees and hackers who gain access to the call-in information.
“Companies have conference calls all the time. If you have a highly sensitive conference call, and one of your employees departs for a competitor, it might be a good idea to get a new PIN and phone number”, Brill said.
In a widely publicized incident last year, Anonymous was able to obtain the call-in information and listen in on a conference call between the FBI and Scotland Yard about their investigations and prosecutions of Anonymous members.
“If I want information, I can try to get it from any source, not just the ones you have thought about and prepared for. The way voicemail and conference calls are used, they can be an excellent source of information”, Brill stressed.
Even the mailroom is not immune from data breaches, Kroll identifies mailrooms as a security hot spot due to the amount of sensitive information entering and leaving the company via the mail. There have been cases where insiders were able to steal media storage devices by placing them in a standard postal box and putting them with the outgoing mail.
“There are blind spots in everybody’s work life. What we try to do in putting these hot spots together is just to say, ‘Just because they are a blind spot to you, doesn’t mean they are blind spots to the bad guys'”, Brill concluded.