A new report from the SANS Institute and RSA on help desk security and privacy finds help desk workers are the easiest victims for a determined social engineering criminal. A majority of organizations use basic personal information (e.g. names, locations, or employee ID) to verify callers into the help desk. The problem is that many help desk employees will bypass security controls in an effort to be more helpful to the caller. The report says that the root of the problem is a lack of training, tools, and technology.”]