A common attitude towards information security is that responsibility lies with the IT department.

While it is true that in many cases IT plays the biggest part in how data is stored and processed, a company’s wider operation should not be ignored.

Hacking is a threat usually associated with technical expertise, finding a gap in technical IT security systems and exploiting it to gain access to confidential information.

Often though, security can be by-passed using a far simpler approach. Social engineering is an equally significant threat that can be overlooked when planning information security, and it is perhaps the more likely to occur as it exploits human weakness.

SOURCE: assenttechrisk.co.uk