When it comes to enterprise security, the focus tends to be on data security, but even the strongest firewall and the best password protection in the world cannot account for human error or physical threats, and these are the risks that tend to be forgotten or overlooked.
Think about physical security on a personal level for a moment – how much data do you store on your mobile phone or tablet? Is that data important?
Do you store your bank details and credit card details? Now think about the impact of having that phone or tablet stolen.
Many organizations don’t consider the implications of data being stolen in this way because they are placing all their faith in the manufacturer of the device and the security system they have in place.
While these systems might be able to stop your device from being hacked and the data remotely downloaded, they can’t fight against you leaving that device somewhere or having it physically stolen from you.
You could be forgiven for thinking that device theft only happens for the financial gain that comes from selling the stolen device, but there is much more to be gained from selling information that may be on your device or using your bank or credit card details fraudulently.
You might think this is a small risk but it is an important one and it should never be overlooked.
It is important that you make physical security a part of your entire enterprise security policy and plan. Whatever hardware or software protection you have in place, you can never entirely write off the risk of theft and of human error.
How you improve physical security depends on the size of the organization and the nature of the data that is stored on the devices.
The following are guidelines that you should follow to increase physical security within the enterprise:
Secure Your Servers
If your organization is big enough to require the use of dedicated servers, protecting them should be your first priority. If someone could get into your server room, they could do untold damage, not just physically but in stealing data as well.
Make sure your server is in a locked room with a sturdy door. It doesn’t matter how good your lock is; if the door can be broken through, the lock is useless.
Talking of locks, forget about your normal everyday lock. What you want here is a system that allows only authorized personnel to enter the server room, so use a lock that requires access cards or a security lock that is changed on a regular basis.
Or you could go down the route of using a biometric security system. Any of these will help protect the server room from unauthorized access and will also allow you to see exactly who goes into the room and when.
Use surveillance cameras. These are often one of the best deterrents to discourage unauthorized access to your server room.
They will also provide evidence if someone who does have official access abuses that access. Coupled with logs of who goes in and out of the room or the building, they will provide far more security.
Have an alarm system in place. In case you are broken into, you need to know about it as quickly as possible. An alarm system will alert the authorities, alert you and will panic the would-be criminal. They will either rush their attempt or will run off.
Desktop and Laptop Security
We should all be aware of how much data can be stolen if desktops and laptops are not secure, so the following measures should be followed by all organizations.
Disable every means on a laptop or desktop that can be used to transfer data without using Wi-Fi. USB ports and CD/DVD drives are the two main ones, and disabling them means the data on that computer cannot be moved.
If you have computers in the office that are not being used, at the very least ensure they are disconnected from your network and, where possible, stored out of the way in a secure room.
That room needs to be monitored because confidential data may still be stored on the computer hard drive. Do NOT store these computers in your server room – they need to be separate.
The absolute last thing you need to do is provide a would-be criminal with access to everything in one room.
Invest in security cables for all desktop and laptop computers. These ensure that the computer is locked to the workstation it is on, making it far harder to just pick them up and walk out with them.
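One way to check the USB and CD/DVD measure above on Linux desktops and laptops, as an added example that is not part of the original article: the script audits a modprobe.d directory for rules that stop removable-media drivers from loading. The module list (usb_storage, uas, sr_mod) and the directory passed in are assumptions; adjust them to your own build.

```shell
#!/usr/bin/env bash
# Audit a modprobe.d directory for rules that keep removable-media drivers
# from loading. Assumed module list: usb_storage and uas (USB mass storage),
# sr_mod (CD/DVD drives).
MODULES="usb_storage uas sr_mod"

# Print one line per module: "<module> BLOCKED", "<module> WEAK" or
# "<module> OPEN".
# A "blacklist" line only stops alias-based autoloading; the module can still
# be loaded by name, so it is reported as WEAK. Only an
# "install <module> /bin/false" (or /bin/true) rule counts as BLOCKED.
audit_removable_media() {
    local dir="$1" mod pat state
    for mod in $MODULES; do
        # modprobe treats '-' and '_' in module names as equivalent
        pat="$(printf '%s' "$mod" | sed 's/_/[-_]/g')"
        state=OPEN
        if cat "$dir"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*blacklist[[:space:]]+${pat}[[:space:]]*$"; then
            state=WEAK
        fi
        if cat "$dir"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*install[[:space:]]+${pat}[[:space:]]+(/usr)?/bin/(false|true)[[:space:]]*$"; then
            state=BLOCKED
        fi
        printf '%s %s\n' "$mod" "$state"
    done
}

# Exit status 0 only when every module in MODULES is BLOCKED.
removable_media_locked_down() {
    ! audit_removable_media "$1" | grep -qv ' BLOCKED$'
}

# Run against the live configuration when executed directly.
if [ "${1:-}" = "--run" ]; then
    audit_removable_media "${2:-/etc/modprobe.d}"
fi
```

Run it as `script --run /etc/modprobe.d` on an endpoint, or call `removable_media_locked_down` from a compliance check and alert when it returns non-zero.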
Make Your Employees Aware
One of the most important things you must consider is employee awareness.
Each and every employee in the organization must be made aware of which rooms are secure, who is allowed to access those rooms and why there is such a high-security level in place.
As an example, a social engineering experiment was carried out at Kingston city council. A complete stranger was allowed to access the server room, supposedly secure, simply by asking someone where it was.
If your staff are aware of those who are allowed access, mistakes like this can’t happen.
Physical security is as important as any other type of enterprise security and should not be brushed aside.
Instead of focusing entirely on the sophisticated online and digital security measures for your organization, include the more traditional ones as standard.