Don’t Overlook Physical Security

Fingerprint scannerWhen considering IT safety, what usually comes to mind are programs and systems like those that deter hacking, data breeches, software theft and virus protection. What is not as widely discussed, but is as important, is what is known as physical security. Physical security is the protection of people, software, hardware, networks and data from “physical” attack and/or damage such as fire, flood, natural disasters, vandalism, burglary and even terrorism. These types of events can have catastrophic effects and potentially render companies paralyzed, resulting in lost business and lost profits. All the firewalls in the world can’t protect companies from a physical security threat.

We are all busy, and with so many daily work challenges to contend with, physical security is not something we often think of, but it’s important that company management and employees make it a priority. There are several steps that companies can take to protect against physical security:

Lock The Doors. Keep vulnerable network devices under lock and key. Additionally, keep track of the number of keys and the personnel who have them; a key log in/out system may be a good option. Better still, a card scanning/authentication system can keep a record of who enters the locked area and when.

Set Up Surveillance. It would be wise to invest in a reliable surveillance system, like a continuous recording or a motion-sensor system and have it located in an area where it cannot be tampered with. You will be able to monitor who is accessing your valuable systems and equipment.

Use Rack Mounts. Rack mounts can be loaded with several servers and bolted to the floor, making it much more difficult to walk away with an entire package.

Monitor Open Computers. That computer your receptionist uses, as well as any other employee computers in view, are made vulnerable when personnel leave their desk/office. Your company should have a policy regarding how open computers/work stations will be protected when not in use. Some actions you could take might include, disconnecting old computers and storing them away, locking office doors when employees leave their offices, or adding smart cards to computers to make it more difficult for unauthorized people to log into them.

Keep Cases Locked. Servers and workstations should be protected against hard drive grab-and-runs. Many computers have case locks that could be used and locking kits can also be purchased.

Don’t Forget The Portable Devices. Laptops, smart phones and other hand held devices can be swiped easily by the unscrupulous. Use those desk keys that most of us leave hanging from the lock in the drawer—lock hand held devices in a drawer (and take the key with you) or other secure area when not in use. Slip small handhelds into a pocket when leaving a work area. Investigate security kits that are available today, such as biometric readers or software that will “phone home” if a device lost or stolen.

Secure Backups. Question; who has seen backups sitting next to the server room? Ok, everyone put their hands down. Lock up the backups or secure them offsite. Drives Or No Drives. Some companies will actually disable computer drives, so that external drives cannot be attached to a computer, in order to stop a potential thief from stealing sensitive company information.

Remember The Printers. Some of today’s printers have on-board memories and can offer a shameless pilferer another opportunity to steal your company information. Take the same care in securing them . . .bolt them down, lock them up or limit access.

Prepare For Disaster. Fires, floods, vandalism and other disasters should be considered when creating a physical security plan for your company. Although these events are most likely unlikely, they can and do happen. Your company must be prepared for these events and have a recovery plan in place. Management and employees need to be vigilant about protecting company assets. A professional security company may be able assist you with the many safety options available.