Today I arrived early for my meeting so I was able to sit at the lobby listening to conversations taking place between security-reception and the employees/guests of the company.
After a couple of minutes a maintenance guy approached the reception and told them that he was checking all the fire extinguishers in the building and that he saw 2 of them inside a locked data-center. A brief call was made and to my surprise security shouted to another maintenance guy to give his general (!) maintenance card to the fire extinguisher checking guy for access. Nobody accompanied him, and nobody check anything about him (or me for that matter…)
The entire building was open and transparent; which in itself is a nice thing as a working environment. When I went to the bathroom (I pie a lot when I’m at ‘work’, wandering around looking for that darn toilet…) there was an open cabinet right in front of me; with a couple of network cables and some – what appeared to be – straight routers. I stood there for 5 minutes and nobody walked by or said anything. I’ve reported it to security and they said “yes, we know. They are working today on that cabinet”. After that he told his coworker that he was going to the bathroom to pee 🙂
So once again; social engineering is easy and can result in very serious issues…