Why Hackers Don’t Need Computers To Get In

Low‑Tech Hacking Is Shockingly Effective

Hackers (or bad actors) can and will use all sorts of means to gain access to a device or a network: adware, malware, RATs, that random USB drive you found… but a good hacker also knows how to use simple physical access rather than remote access.

• Best‑of‑breed hackers know how to pick locks.
• They know how to blend in.
• They rely on human politeness — the person who holds the door open, the receptionist who doesn’t ask for ID, the staff member who assumes “the IT guy” is legit.

When was the last time you asked someone for their ID? And when was the last time someone asked for yours?

Real‑World Example — Physical Access Beats Firewalls

In a report on inc.com, David Kennedy (founder of TrustedSec and former cyber intelligence analyst) explained how he helps companies find their security weaknesses.

He starts with physical security and will literally try to break in and steal something.

If that doesn’t work, he uses “piggybacking” — following an employee through a secure door.
If that doesn’t work, he resorts to “MacGyver‑style hacks”: blowing smoke or spitting whiskey through door cracks to trigger motion sensors.

Once inside, he simply tells an employee he’s from IT and needs to update their computer.

“When hackers break into one individual, it’s the downfall of an entire company.”

Human Behaviour Is The Weakest Link

When I read this, I’m not ashamed to admit that I was thrilled in a way and I think it’s because the simplicity of it is so beautiful.
We are all so busy making sure we don’t open those email attachments or trying to make our passwords as hard as possible, that we’ve overlooked the basics of keeping a business secure. Locked doors only work when employees are educated on how to use them correctly.

In passing, I mentioned the topic of this blog post with a fellow employee and was startled to learn that he sees this kind of thing at customer sites all the time.

As recently as this week, my colleague was at a site where a new employee was manning a reception desk at a locked entry door. Although this person had never met my colleague, they buzzed him in without a second thought and didn’t ask any questions as he strolled past and made his way deeper into the building.

He also recalled another time when he showed up at a new customer site, having not met anyone there face to face before. He informed the staff member that he was the computer guy (as most of us computer people casually do) and without being asked for any form of identification or questioned any further, was shown directly to the comms room.

This seemingly inconsequential kind of negligence highlights just how bloody easy it is for someone to not only gain physical access, but gain access to the heart of your business where your crucial data lives without using a computer.

“When a hacker gets past one employee, the hacker spreads to the entire network.”
“People are the No. 1 target when it comes to how hackers get access to offices and computer systems.”

Physical Security Must Be Part of Your Cybersecurity Strategy

So whilst you are busy ensuring that your firewalls are impenetrable, your devices are armed with AV or anti‑malware software and that your employees have been educated in the art of not clicking, you need to make sure that your building is secure and remains that way.

If someone outside of your organisation claims to be there for a service or a meeting and they are not familiar (and maybe even if they are), the question of identification should be raised. It takes two seconds to ask and could save thousands, if not millions of dollars in damage because once that damage is done, it’s too late.

Site security should be considered a core part of any employee induction, no matter who the employee (or the business) is. Combined with essential computer security basics, an employee can be a valuable part of your line of defence instead of your weakest link.

Ignorance will not prevent the theft of assets or business data and it certainly won’t save your job.