A researcher at the University of Twente in the Netherlands conducted a unique experiment as part of his doctoral research. As part of his research into organizational security policies, researcher Trajce Dimkov asked students to steal laptops across campus. Unsurprisingly, students found this an easy task to complete.
Under the guise of conducting a survey, Dimkov loaned laptops to university staff at random. Staff members were asked to use a laptop lock, to use a password, and to lock their doors when they left their offices. 60 documented attempts by students were made to steal the loaned laptops - half were successful. Campus security was made aware of the study, so no students were at risk for legal repercussions from participating in the thefts.
So, despite precautions given to staff members, how were half of the theft attempts successful?
"Some people forgot to lock their door. In other cases, the students were able to think up a cover story that was sufficiently convincing to get a cleaner or caretaker to open the door for them. Other students were able to obtain the laptops by posing as technicians. Some claimed to have left their laptop in their supervisor’s office, and that they needed it urgently, to complete an assignment. People tend to make an effort to be helpful, and a good cover story often does the trick."
It seems that human error and social engineering were responsible for most of the successful theft occurrences.