Submission + - Donating to Janitor Retirement Funds
alterimage writes: I'm a Computer Science major at night working by day in Accounting for a major telecom provider with a client list consisting of most the companies on this list. Daily, I see customer payments come and go in excess of $50,000. Strangely, rather than have these payments conducted by an IVR system or over the internet, the majority of these payments are conducted over the phone with individuals such as myself, who are instructed to write down and document all the specific banking information, and to keep them on hardcopy in an unlocked file cabinet, accessible to anyone..
Having experience with social engineering and fraud, I've already advised my boss that it's probably not a good idea for the minimum-wage cleaning staff to see bank routing and account numbers laying around everywhere, and was told that I'm over-reacting. So I ask Slashdot- At what point should the human aspect of security be considered in the business environment? Should I just smile, nod, and play along in this situation?
Having experience with social engineering and fraud, I've already advised my boss that it's probably not a good idea for the minimum-wage cleaning staff to see bank routing and account numbers laying around everywhere, and was told that I'm over-reacting. So I ask Slashdot- At what point should the human aspect of security be considered in the business environment? Should I just smile, nod, and play along in this situation?
