Why do hackers do it? Why do they spend hours trying to break into corporate and government computers? Because breaking into a computer system is like getting the keys to the corporate kingdom, gaining trust and access.

These are not nice people.They are not just some teenager sitting in his bedroom in his pajamas, clicking around on a lap-top. More likely, they are foreign nationals in a concrete office building, surrounded by other hackers pounding away at your security system to plant malware, get passwords and banking information and encrypting entire systems to sell for ransom. Their targets range from small businesses and individuals, to the computer systems of entire cities, which happened to Baltimore and Philadelphia recently. 

So how in the heck do hackers get your company info to target an attack? Sadly, your employees give it to them.

In an expose on FastCompany.com, a paid corporate hacker/security specialist for IBM revealed the tricks of the trade in getting employees to reveal passwords, security information, and clues that help hackers target a company for an attack.  Companies like IBM hire such specialists to find gaps in their security systems before the real bad guys do. The article shows how they scour the internet for information, tricking employees into revealing secrets over the phone, and even using disguises to break their way through the office security system.

That's right. No convoluted hacker algorithms, no secret "Black Web" tricks. Your biggest security problems are your own trusted staff. It's not that they WANT to give away the store. It's that they just don't realize how simple, innocent behavior can reveal so much on our socially connected platforms.

Most vulnerable are new hires and interns, often given computer passwords and essential information like security badges before they even have time to get security training. People with new jobs, especially younger generations used to sharing their life events on social media often post pictures of themselves at work: selfies with their "team," their office space, even shots of their new security badge, and put them online. Don't believe it? Take a look for your company on your favorite social apps for posts tagged with #firstday, #newjob, or #intern along with your #companyname. 

New hires love publishing their new security badges because they are the first real undeniable evidence that they are on their way to a new career and a new life. Hackers love security badges because they can easily re-create an identical badge with their own photo planted on it to gain access to secured buildings. 

Hackers love office photos for what background images can reveal about a company. White boards, posters and other background images can provide inside information for entry using "Phishing" emails. A sign-up poster for the company softball team can help hackers generate a virus-imbedded phishing email that will be innocently opened by someone receiving it, unleashing whatever malware or nasty code a hacker wants to plant in the company's computer system. Even better are easily visible Post-It notes on computers in the background with access codes and passwords.

When an employee records an entire day at work and puts it on Facebook, YouTube or Instagram, it's like open season for hackers. They have an invitation to see building layouts, security areas and company plans on whiteboard displays. Hackers don't have to break in to the building - they're already there! Plus close examination of laptop and computer screens reveals the types of security tools and software a company uses, allowing hackers to tailor an attack with custom malware disguised as a fake software update.

Whether through Glassdoor, job boards, or social media sites, learning what issues are currently making employees tick can help hackers craft a phishing email that plays to their complaints and desires. A fake (malicious) email appearing to come from the company addressing employee problems will get a lot of clicks, again welcoming malware into the system.

From shared credentials on whiteboards to Wi-Fi passwords posted in plain sight, "getting in" breaks down the walls that divide hackers from company data and secrets. Social media posts can reveal enough that hackers don’t even need to personally visit a company or government office to get information or plant malware. It's like they're already there.

For access to the entire story on corporate hacking, CLICK HERE.

If you dare!