Physical assessments embrace social engineering, an uncomfortable subject. The assessor will go out of his/her way to make friends with members of staff and then abuse this friendship to undermine them. Social engineering ranges from “stalking” someone to learn about the target or organisation to walking up to people smoking outside the fire door, starting to chat and then following that person back into the building. The assessor relies on predictable human behaviour to collect information and gain access to restricted areas.
Each assessment will be conducted in its own context. For example, dressing formally can help someone gain access to offices and corridors, acquiring a maintenance uniform can help solidify access to server rooms and building facilities, and donning a hospital uniform can aid with access to healthcare facility terminals. Walking with confidence and intent will lessen the likelihood that someone will question the unauthorized presence. Tailgating is a popular technique to gain access to secured buildings. This simply involves covertly following approved personnel through a door they have opened. Again, assuming the ‘identity’ (not literally) of someone who is supposed to be there will allow you to do this without suspicion. A similar technique involves approaching the door with both hands/arms occupied by something like files, cupcakes or coffee. If timed correctly, another individual with clearance will likely help that person through the door to be polite.