Volume 1, No. 4 October 19 2004

Be alert and aware of "social engineers"

It's natural to want to be helpful. But beware of "social engineers" who try to take advantage of your good nature in the workplace in order to compromise proprietary business information and resources. They might appear in person, or call on the phone, or contact you by e-mail. They might claim that they're from your technology help desk or from the phone company. They might even threaten to report you if you are not cooperative. Remain polite but don't be intimidated, and just say "No" at times like these:

  1. If anyone at all asks you for your password
  2. If an unknown person without an ID asks you to let them in to your workplace or tries to follow you into your office (ask who they want to see, and have that person admit them and sign them in)
  3. If an unknown caller asks you to connect them to an outside line, or asks you to disclose telecommunications information such as your calling card number or a list of company telephone numbers
  4. If an unknown person, or someone whose authorization level you are unsure of, asks for information that you know is confidential company, client or personal information

Respond with a few questions of your own. Politely ask for proof of identity, for a callback number and for the name of their manager or company contact. If their authorization does not check out, report the incident immediately to your company help desk and to the people at your company who are responsible for physical and information security.

Similarly, if strangers in your company's office appear to be where they should not be, politely ask a few questions to verify who they are and why they are there, and, if their authorization does not check out, report the incident immediately.