Button down security amid the festivities.

• Position: Business & Finance

Companies with a physical location and Internet presence should make sure security policies and procedures strictly are enforced during the holidays because criminal social engineers are out shopping for others' confidential data, cautions Halock Security Labs, Chicago. Offices particularly are vulnerable in times of increased social activity like the holidays since employees are accustomed to seeing new faces and vendors, receiving many e-mail solicitations, and disclosing personal financial information online while shopping.

Halock specializes in ethical hacking and social engineering--at a client's request--to test a company's physical and Internet vulnerabilities. In one instance, a Halock employee was able to enter the corporate headquarters of one of the country's largest financial institutions and gain almost complete access to the company's sensitive data simply because he was carrying a cake. "When asked what he was doing, our man simply said, 'I have cake,' and nobody wants to impede the progress of a nice looking cake---right?" observes Jeremy Simon, Halock's chief technology officer.

"Social engineering is typically defined as the skillful exploitation of the natural human tendency to trust," relates Terry Kurzynski, chief executive officer of Halock. "This engineering can come through an actual physical interaction, through an e-mail, as in phishing schemes, or online, through falsified websites. The criminal social engineer is out to con someone into giving up credentials that can ultimately be used to generate or gain access to sensitive information and, during the holidays, companies are inundated with strange names and faces in the form of guests, delivery people, greeting cards, special offer websites--the list is endless."

[ILLUSTRATION OMITTED]

Here are a few techniques companies can employ to ensure a safe and secure workplace:

* Stick to policies and procedures; carefully track visitors coming and going into the facility. If you do not recognize someone or that person is not displaying the correct badge or ID, ask the individual the purpose of the visit and whom he or she is working with. It will become clear if this person...