There's no smoke with firewalls
I recently heard an interesting story that underlines that security is only as good as the people who use it (Businesses fail to educate staff on security, computing.co.uk/2185087).
A UK penetration tester simply followed smokers through an unlocked and unsecured door into the building after a smoking break. The tester then hooked his laptop up to the network and, doubtless, congratulated himself on a job well done.
The tester - who skirted past other employees by saying the IT department had sent him - made his way to a meeting room, where he hooked up his laptop to the company’s VoIP network.
Is there a wider lesson to be drawn from this? Yes, and it is not to stop people going outside for a smoking break. If you do not know what is going on, you cannot enforce security policies. That applies to information security just as much as physical security.
I am sure the company had a perfectly good door entry system. It just was not used on that particular door. Likewise, I bet they have a good firewall and other IT perimeter security too.
Geoff Webb, FutureSoft


