In a 2015 study
conducted by Ponemon Institute, a data security research organization, they found that the average total cost of a data breach incident was $3.8 million. In 2014, the average cost was only $3.5 million. In recent years, data breach has become increasingly common that many companies are stepping up their IT security features.
“Most of what’s occurring is through organized crime. These are well-funded groups. They work Monday to Friday. They are probably better funded and better staffed than a lot of people who are trying to defend against them,” said Caleb Barlow, vice president of IBM Security.
When it comes to IT security, many of us are concentrated on Internet-based attacks and seem to forget that IT security can be compromised with physical attacks as well. In a 2014 investigative report from Verizon, researchers found that a majority of company employees committed cybercrime acts right under the noses of coworkers and during work hours. Physical security is also at the foundation of a business’ IT security.
Tips to Avoid Physical Security Threats in the Workplace
Here are some ways companies can avoid physical security threats.
Lock Server Rooms
Cloud-based servers are all the hype now, but many companies still use conventional server rooms. Ensure that server rooms are only accessible to authorized employees and that they remain locked.
Anyone who has access to the server room can potentially do a lot of damage to the company. So, it is important to create policies to determine access as to who, what, and when goes in and goes out.
Lock Network Devices in Server Rooms or Secure Locations
A hacker can simply plug a laptop into network devices or use a sniper software to gather data and do damage. Network devices should also be under lock and key, either in the locked server rooms or locked rooms in a secure location.
Place the Server Room under Surveillance
Despite policies, break-ins in server rooms are not uncommon in the workplace. It could be an unauthorized access or misuse of the authority given, but these incidents happen and can cost your company a lot.
Place the server rooms under surveillance and make sure the cameras are placed where it cannot be easily accessed or tampered with. You can also set up a log book, so every entry is properly documented.
Secure Workstations
Empty workstations and offices can also be a threat. For instance, someone can easily plug in an unsecured laptop to delete information that is vital to the business.
In fact, any vacant work area that is easily accessible to the public can be a threat. The receptionists’ desks are great examples as someone can easily plug his or her unauthorized device into the server and do the damage.
Secure Company Printers
Many printers have onboard memories that can be hacked. Unauthorized employees can easily make reprints of previously printed files that contain sensitive information.
Printers should be placed in secure locations, and ensure that they are bolted down, especially if it’s a portable one. This way, no one can simply walk away with it along with company information.
Add a Layer of Security to Portable Devices
Many companies use laptops these days. However, these portable devices pose bigger threats. Unlike desktop computers, thieves can easily run off with smaller devices.
The simplest and most inexpensive IT solution is to provide employees with cable locks. Other options include the installation of motion sensing alarms or locked drawers to keep portable items secured even when employees leave their desks.
Secure the Backup Files
Backups are important, but sometimes, many IT administrators fail to secure the backups properly. Many keep these backup files in unlocked server rooms. Like network devices, they should be under lock and key or, better yet, kept at a secure location outside of the workplace.
Many companies have policies against employees using their own external hard drives and USB drives. But, for businesses that do not have such policies, anyone with a device for saving data can run away with your backup files if they are not stored properly.
Disable USB Ports
Many multinationals disable the USB ports in their company-issued work laptops and computer stations. This simple IT security solution ensures that no employee can transfer company data into an external device.
Improve Your Defense against Physical Security Threats
Every day, companies are subject to internet-based and physical threats. This is why many IT solutions include data protection against physical security dangers, and not just the ones circling in cyberspace.
Data breach and cyber attacks are very costly incidents to companies its customers and stakeholders. These tips are easy and cost-efficient, so don’t wait until the threats are knocking down your doors. Improve your defense using well-placed security features and policies.
Vlad DeRamos
Vlad de Ramos has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design and IT Security. He is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.