All this can lead to neglect. Joshua Crumbaugh, founding partner and CEO of PeopleSec, frequently tests human, physical, and cybersecurity at remote facilities, and often finds security standards lacking. "Computers at these remote facilities tend to be less protected than at corporate facilities," he says. "For instance, I see missing BIOS protections, reuse of local administrator passwords, and live network jacks in common areas."
But that's not all. "Physical security is more relaxed there than at corporate locations," he adds. "This makes it easy for an attacker to walk in and plug into networking equipment. I have personally walked right into many remote facilities and plugged into their local network without ever being noticed."