If someone comes to your business wearing a shirt with the logo of a certain company on it, you still need to verify that they truly represent that company.

Video Transcript:

"Hey everybody, welcome back to this week's Tech Tip. Today I'm going to tell you a little story.
"So a very nice lady, a secretary of a law firm, had a Comcast rep come in and she brought him back to the networking closet. He went in sat down. He was there to audit their setup, take some pictures, make sure everything was set up right on the Comcast modem.
"She gave him passwords that he asked for. While he was there he set up a VPN back to his own office.
"It turns out - he had actually bought a Comcast polo off of eBay, and he was part of a now defunct hacker group. And he went in and stole sensitive information from a law firm, published it as needed, and was using it for espionage.
"So what do you do about this kind of thing? Well, anybody that comes in that says they need to see your network gear, get access to servers, get passwords from you, we need to validate that they're legitimate. So first check with IT. Ask who called them, why they are there, who you know asked him to come out and check, and then validate their ID by calling the company, calling IT, calling HR whoever you need - because these cases are not unique.
"It's happening more and more - especially during COVID. So check credentials, make sure they're supposed to be there, and don't give out passwords without checking with IT.
"That's it for today. Talk to you next time."