I’ve noticed on several occasions entering office buildings where they have a visitor’s log, it can make for some interesting reading as you sign your name. Visitor access logs are one of the fundamental audit controls in IT and physical security. Who was there, when, representing whom? But when competitors of one another visit a mutual client, it can provide competitive advantages one way or another, or it can be used to gain information about what brand of firewalls or antivirus safeguards are used by an organization.

I’m sometimes surprised at the fact that some highly secure organizations have never taken the initiative to allow visitors to sign in on a medium that doesn’t reveal who came in a few minutes or hours earlier. Maybe I’m just paranoid, but it is something to keep in mind. At least keep it to one sheet instead of a binder of the entire month’s visitors. That could be a significant risk for leakage of information useful in planning an attack.

On the lighter side, I have seen the ploy used intentionally to add a sense of urgency to competitive vendors in their final negotiation stages with a customer. They arrive at the customer site to see in the visitor logs that their chief rival was in a few hours earlier with their big guns to make a last minute concession or proposal. Were they really there, or was it just a tactic to make the vendor sweat?

So, just remember that access history can often be viewed by all visitors, unless you manage them frequently.