I.D. Badges
Aug 02, 2023Question: I wanted to reach out to you and get your opinion on a matter. We recently conducted a pentest and discovered an issue that I am tasked with looking for an answer for. Long story short, I am looking at implementing a Picture ID Badge system for employees. At this time everyone is issued a Name Tag when hired, however the majority, 99%, of the employees usually do not wear them. After visiting several local credit unions and banks in the area, I have discovered that none of them wear any form of ID Badge, only name tags. So now to the question…What, if any, thoughts do you have on this topic, and any suggestions and/or information in this area are welcome and appreciated. Thank you for your time.
Answer: Reading your questions, my guess is that the pentesters used social engineering to gain access to your buildings or operations center. Your institution is large, so your people don’t know everyone working for you and that provides a social engineer with a fun environment to invade.
- The first step is to implement photo identification with some special additions. A. The photo ID must be worn at all times at your offices. B. Anyone not wearing a photo ID is to be stopped and questioned as to who they are especially in nonpublic areas. C. Your name tag will only have your employee's first name on it. This is for staff protection so people with derailed thoughts will find it hard to stalk your employees. D. The photo id will have the person's initials on it that can only be detected by black light.
- When criminals see that everyone is identified by picture identification it is harder to make a fake id.
- When you question someone’s identification you can place it under a black light if no initials this is a fake id. It also will help to stop a pen tester from making a fake ID to gain entry into your financial institution. A. A staff member from another office can be identified by checking the black light feature.
- Management must back the picture id by writing up anyone not wearing it or some other tactic to make staff realize this is no joke it is to protect them.
- In active shooter situations, this also helps identify your staff to responding law enforcement.
- We would also require a visitors badge when anyone is assigned to work in rear areas fixing machines or visiting off-limit areas with no exceptions. Your visitor badge color will change daily and the name written on it fades in 24 hours. Even examiners must wear this badge daily before they go to work.
- Anyone stopping someone in a rear area who is not identified that staff member will be rewarded with a gift card or some other reward or acknowledgment. People are reluctant to challenge someone in rear areas as it might be a VIP and they will be punished. This thought process must be altered to that was a good stop.
- We will replace the photo ID once if lost. The second time the staff member must pay $25.00 or the cost to replace it.
The final comment is not meant to offend anyone. We really don’t care what the other financial institutions in your area are not doing to protect themselves. Our goal is to be sure all of your staff goes home safe tonight. If their management has identification procedures and not enforcing them that is not your problem. In fact, we enjoy seeing other local financial institutions not enforcing the rules because the criminals will attack them not you.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras sed sapien quam. Sed dapibus est id enim facilisis, at posuere turpis adipiscing. Quisque sit amet dui dui.
Call To Action
Stay connected with news and updates!
Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.
We hate SPAM. We will never sell your information, for any reason.