Social engineering attacks don’t only exist on your computer. By claiming to be an employee or vendor with official-looking credentials, criminals can coax information from employees or gain physical access to systems. Criminals have been known to steal or purchase old vendor uniforms as a way to bypass security or avoid scrutiny. They may pose as janitorial staff, IT employees there to “fix” something, or even auditors/consultants.
If sensitive information, like non-public information (NPI) or cardholder data (CHD) is present in the area, the following should be included in your visitor management procedures: