WATCH Physical Security – Day 11 of Cybersecurity Awareness Month 2021
Shelly Miller
So Craig, let’s talk about physical security. You don’t hear about that much.
Craig Taylor
Yes, physical security is one of those lesser, probably followed or less priority is placed on it by many businesses, but it is very important and there’s some simple things you ought to be aware of and do. So what is it, first and foremost? Well, when it comes to building access, physical security involves making sure that the wrong people don’t enter privileged areas of the building. And they do that through things like piggybacking or tailgating. You’ve seen perhaps someone walking up to a door with their arms laden with books or bags or boxes, and a helpful employee just opens the door sight unseen, lets them walk right in. Well, that person might not belong there. And that is known as piggybacking or tailgating. Other businesses don’t have picture ID badges.
So they may not know, you may not know, if this is a real legitimate employee in the building, if it’s a contractor or vendor, or hacker trying to steal information. And another area of physical security is logical access. And that might be an unlocked computer. If you get up from your desk to go to lunch, and you don’t lock your computer, someone else could come along, send an email as though you’re you, send data or critical files off your computer to themselves. Unattended mobile devices are a physical threat. If you get up from your coffee shop table and leave your laptop or cell phone there and go to the bathroom, it may not be there when you get back. Another area of risk is a clean desk. Accounting firms, law firms, leaving files out on desks overnight puts them at risk for cleaning staff or maintenance workers who may come and take pictures and use that data to sell to identity theft hackers online. So these are all examples of physical security threats we need to be aware of.
Shelly Miller
Okay, so how do MSPs and small businesses protect themselves from physical security?
Craig Taylor
Well, the good news is it’s not rocket science. It’s easy to protect yourself from physical security threats, it’s a little harder to enforce. But here’s what you do. First, you need to guide your employees with a policy around questioning visitors to your building, if you’re still working in an office during COVID. A lot of folks are working remote, but you should have it written down in a policy that your employees accept, something like a written information security plan that calls out physical security threats like piggybacking and tailgating and what to do.
Require your employees to wear picture ID badges with an RFID sensor so that you have controlled access to especially your server room, but more importantly to your building in areas where there might be sensitive data stored.
Publish a clean desk policy that requires all sensitive files, critical files, to be locked up when not in use. Right. It may not be required when you go to the bathroom to put it away. But if you’re going to lunch or overnight, lock it up. Set your computers through group policy to auto lock after a timer so that if someone does forget, another person can’t walk up to their computer and cause damage. And here’s a tip for all you out there, a real simple way to lock your computer. If it’s a Windows computer, Windows Key L locks the computer. For a Mac, you can either shut the window, shut the keyboard top and puts it to sleep, the monitor, or you can press Command Control Q to lock the computer.
Shelly Miller
Okay, those are great tips. And so basically a security policy in place is what’s most helpful.
Craig Taylor
Yes, it will help in today’s businesses avoid a costly breach of your data and that is a goal. We’re all out to protect against