Cyber Security: Let's Get Physical
By Mike Ginty
October is National Cyber Security Awareness Month and information leaks are all over the newsfeeds. A leak or data breach is costly to repair and recover, and it is certainly costly to regain the confidence of customers and investors. According to Gartner, IT departments worldwide are going to spend $2.77 trillion in 2016 alone to secure their networks. But the first steps in data security don’t even involve software; they are good physical security practices that should be part of every company’s security culture. Here are five physical security measures which can be put in place to mitigate some of the most common cyber security vulnerabilities.
It seems pretty simple, but it often gets overlooked. If you want to protect your data, you need to restrict who can access your data, and not just digitally, but the actual room or rack where your system is kept. Locking the area is a step in the right direction, but keys and combinations can be compromised. In order to truly secure the area, you need to log who goes in and out of the space, either with an access control system that logs individual users or by placing a camera in the area to see who is coming and going.
Not all thieves break in through the windows after dark. Some of them walk right in the front door during daylight hours. Three things are core to any visitor management system: 1. Having a person at the front desk monitoring people coming in the front door. 2. Having a visitor log or digital sign-in system. 3. Escorting visitors and vendors while they are in your space. In today’s open office environments, the casual lunchtime visitor could overhear conversations related to new market growth strategy, observe a cash flow projection model on a monitor or even snap a pic of a product in prototype. For all of these reasons, it is vital that you are able to keep a current and accurate list of who is in your space and guide what they see and hear.
In addition to locking your screen when away from your desk, having a strong password, and having the ability to remotely lock or wipe your device, simply locking up your devices goes a long way. Laptops and mobile phones make a mobile lifestyle very convenient, but they also make it very easy for a thief to grab a lot during the two minutes or less that most thieves are in a facility with an alarm going off. Laptops and mobile devices should not be left out overnight. They should either be taken home or locked up. This can be complemented by having a complete inventory of all devices as well. Sure, a burglar might take a monitor, but they won’t get your data.
Shred early and shred often. Paper is used less and less in our increasingly digital world, but it is not completely obsolete. Everything from board presentation slide decks to post-its should be shredded or disposed of using a certified secure destruction company. Securing your network means nothing if the same information is printed out and then discarded in the recycling bin.
Life happens. Laptops and mobile devices are lost or stolen, approximately 12,000 per week in airports alone. Having a robust reporting mechanism without fear of retribution encourages employees to report incidents right away. All too often, employees delay reporting because the system is too complicated, they are afraid of termination or they think they can recover the missing item on their own. If an employee has a lightweight way to alert the IT department, the chance of recovery and/or mitigation increases exponentially.
The right policies and procedures can help create a strong security culture that, if implemented early and practiced regularly, will become second nature for employees. With these simple physical security measures, all employees become an extension of the security team and help keep the company’s data safe.