Do not open a door for data thieves
In the movies, hackers only have to swivel from their pizza boxes back to their keyboards and type a couple of lines. With that, they have access to everything from the target’s credit card number to their emails and appointment books.
With organizations investing heavily in IT security, the reality might be a touch more difficult. That means those with malicious intent are becoming physical. They might come to your premises to steal the information they’re after. Alternatively, their visit might be a preliminary step, such as stealing a manual or a telephone directory they can use for social engineering.
Your light-fingered visitor might not be a visitor at all. It might be an insider—an employee or a contractor. Chances are greater than 50 percent that you’re not ready for that (the 2014 U.S. State of Cybercrime Survey by PwC, CSO magazine, Carnegie Mellon University and the U.S. Secret Service found that less than half of companies had a plan to deal with an inside threat, even though a third of companies thought an inside job would likely cost them more and do more damage than an outside job).
If someone can walk into your office and walk out with an unsecured laptop loaded with customer and financial information, it might be a lot easier than trying to hack their way into the same information.
Here are some simple tips.
1. Lock down the lobby
If you’re lucky enough to have a receptionist, don’t assume they’ll be able to have their eye on the door to the interior at all times. If you don’t have a receptionist, you definitely need a locked door between the entrance and the equipment.
2. Lock the data center
Someone with their hands on your equipment can do things that someone with only remote access can’t. Whether your data center is buried in a mountainside or a server cluster in a cupboard, lock it.
3. Check the locks
Proximity cards seem secure, but those beeps on acceptance can give a false sense of security. Make sure you’re using encryption or that someone nearby can simply capture the data and clone the card.
4. Keep “eyes” on at all times
The price of cameras and hard drives is so low today that there is no excuse for not having cameras.
- They’re a deterrent
- They’ll show you a threat in progress (if you’re watching—put a monitor on someone’s desk)
- If you’re not watching, you can review afterwards
5. Secure the portables
A central locker is a good thing to provide for laptops and external drives. If you don’t want to have to move the laptop from your desk every time you walk away, you can lock it to the desk. Portable locks are available when you’re using a laptop on the go.
Whatever physical security solutions you choose, the most important thing is to remember that you should always be aware of the physical weaknesses in your IT security.