The Wall Street Journal recently ran a very interesting article about Kevin Mitnick. Do you remember Kevin Mitnick? He’s a famous engineer. Not the sort your likely thinking of.

He’s a social engineer.

And no, that doesn’t mean he’s a really savvy developer for Facebook.

Mitnick caused an estimated $300 million in damage through the better part of two decades spent hacking into some very large institutions. How did he do it? He asked. That is, he simply used “social engineering” to trick people into giving him access, kind of like that email that is still circulating on the Internet that convinces you to delete certain files off your computer because they’re a virus (when in fact they’re standard Java files).

He’s a fascinating case study in how to break into the Big Guys using some remarkably simple methods, without abundant, nor sophisticated, technical attacks. This isn’t Stuxnet. This is earning the sympathy of the receptionist who lets you use her computer for “just a moment.”

Mitnick, who is out of prison now and works as a consultant, mentioned in the article that he has a nearly 100% success rate, still today, for his consulting clients, breaking into their systems using good old social engineering.

But the kicker here is that he has a 90% success rate on the SECOND attempt…because his clients typically do not implement the corrections he advised in the first place. This experience mirrors our own experiences at Tri-8, Inc. (makers of MyLaptopGPS), particularly in our longer software automation history. It’s remarkable how many organizations will ask for, and pay for, key technical or business advice, and then essentially ignore it–and fall victim to the very same problems they started with.

Thus, our Tip of the Week is very simple, yet very powerful: if you ask for, and pay for, advice, consider following that advice.

Fool me once, shame on you. Fool me twice…