Excerpt:

As companies become increasingly attuned to the vulnerability of their computer systems to cyberattacks, many may be overlooking a more obvious hole in their protections: The front door.

While the threat of a hacker cracking the company firewall is real, cybersecurity experts say that a would-be data thief is just as likely to gain access to the company jewels by convincing an employee to hold open a locked office door.

Less common, but equally as important, are so-called "physical penetration tests," in which an outside firm is hired to actually infiltrate a company's facility. Heather Bearfield, national leader of the Technology Assurance Services Practice Group at Marcum LLP, said about 50% of her clients hire the New York City-based consulting firm to do social engineering tests, like phishing emails, and a smaller subset of that 50% will ask for a physical penetration test.

According to Ms. Bearfield, some penetration tests involve simply observing employee habits. A client company might present a Marcum tester to employees as a temporary worker. The tester could then observe potential vulnerabilities in the office - passwords written on sticky notes, unlocked work stations - and then report back to the company, Ms. Bearfield said.

"We've even found an employee's personal wireless router hidden in a potted plant," Ms. Bearfield said.

Click here to read the full article on www.WSJ.com >>

Click here to read a PDF version of the article >>