As a person who also enjoys the challenges of long range shooting, there is an interesting truth that most shooters don't like to talk about. Although the person or shooter is an essential part of the equation, it is undoubtedly the least accurate part. One learns over time that the less you can influence the rifle the better. It would honestly shoot better without you if it could.
The same can be said for information security. People are the weakest link.
Businesses that deal with private information, such as investigators, attorneys, doctors, banks, and employers need to protect sensitive information from being leaked for nefarious purposes.
Most of these entities use hardened computer infrastructure to deal with this. Strong passwords, firewalls, antivirus and malware programs to protect against hacking. Many employers have policies about disclosing information to outsiders. But how effective is that really?
Lets take an example:
Im looking for a person for service of process. Every lead has come up empty, but I suspect that she is working as a nurse in a hospital. So I call the hospital and ask for HR. HR does their job and tells me that they cant confirm or deny any information about their employees. Great. Policy in action for protecting the employees of the hospital.
But now I call back to the nurses station. I tell them that I am from XYZ Florist and I have a delivery driver there with flowers for Jane Doe and they have been wandering around for 20 mins looking for her. Most of the time you will hear " Oh shes working on the 3rd floor." Bingo. I've confirmed my suspicion and now know where to serve her papers.
This process known to most as "pretexting" can be used in various industries for various means. Some good, and some not so good. Its a method of essentially giving a person a good reason to tell you something that they shouldn't. There are businesses that deal entirely in this space called"penetration testers" in which they consult with your company to stop these kinds of leaks.
Its important for your employees to understand that giving out information to someone over the phone or in person, if they cannot confirm the background of the individual, can be a huge mistake. Things like Identity theft, corporate espionage, breaches in attorney-client privilege, criminal acts, and even murder have all stemmed from a person giving out information to a person with an "innocent" need. Enact policies which restrict any information disclosure until a person or company is fulled vetted, and do your research. A few minutes of digging on the internet could save you a lot of trouble in the future.