Would your workers pass the test?

As an executive at an IT consulting company, Bruce Baird assumed that his workers were security-savvy. But a conversation with a former colleague rocked his confidence.

Baird, vice president of operations at T2 Software Services Inc. in Tampa, Fla., learned from security expert Todd Snapp that hackers can set up phones to spoof the Caller ID names of legitimate companies.

"One of the things we look for when we hire consultants is interpersonal skills -- [people who ask] 'How can I help you?' when talking to clients. And if they think they're talking to the client and they're really not," they could be unintentionally passing along information to hackers, Baird says.

Companies have used so-called penetration testing to see how well their technology can fend off intruders. Some are now using the same techniques to see how well their employees can spot potential problems. The results, according to reports, aren't encouraging.