Could Your Business Be at Risk Of a Physical Security Breach?
As your business or organization grows, creating and maintaining a physical security policy in order to protect against cyber attacks or threats will become critically important. Physical device security is often overlooked in small-to-medium business (or SMBs) since many organizations are focused on more immediate concerns, such as product development or sales growth. Many smaller businesses (and even larger enterprises) find it hard to justify the cost upfront. Unfortunately, this leaves them vulnerable to attack due to lackluster security policies.
How can you ensure your organization’s physical security is up to par? We have a few ideas.
Every Organization Should Have a Physical Security Policy
The best offense is a good defense. Businesses must implement proper physical security procedures, to support their technology investments and to ensure the safety and security of the data being used within their line of business applications.
By crafting a physical security policy for the devices on your network, your organization can be confident that its processes are in line with industry compliance standards.
Physical Security Policies & Procedures for SMBs
Could your organization be at risk for a physical security breach? Hackers and scammers will stop at nothing to gain to profit off of the destruction of your business. Because of this, we’ve created a quick list of policies and procedures that will help your enterprise get inline with physical security standards.
Perform an Audit of the State of Your Physical Security
How does your business currently track, deploy, and manage the physical security of your assets? Are employees, vendors, and visitors tracked when they arrive at your office? You’ll need a detailed log of each of these activities and the log should be able to be produced upon demand.
Apps and services are available to help your organization keep tabs, of course. Advanced 3rd party applications give your IT team the ability to setup alerts whenever policies are broken.
While some organization may use low tech methods of tracking physical security, such as keeping Excel sheets, others may require more in-depth analytics. Regardless of the route you take, here’s a few tips on what your organization should track, monitor and audit on regular basis:
- Identification – Require that employees, vendors and visitors have a badge that identifies who they are.
- Asset Tracking – When new IT assets are purchased, specification such as serial number, make and model should be recorded.
- Asset Deployment – IT staff should develop a system that allows to them to know who has an asset and where it is deployed.
- Physical Access – Non IT employees should never have access to a room that stores IT equipment.
- Consider Video Surveillance – If you have a server closet on premises, these assets should always have some sort of video surveillance facing the equipment as well as the outside walls of the room.
Physical Security Policies Regarding Offsite Use of Company Equipment
Many organizations deploy agents into the field with smartphones, tablets, and laptops. How can an IT staff ensure the security of these devices when they aren’t being used within a traditional office setting?
Many solutions exist out of the box while more advanced solutions may require 3rd apps. Here is a basic overview of how to ensure the physical security of each of these devices.
Securing Smartphones, Tablets and Laptops
Smartphone security is pretty basic in the fact that most users will setup their own PIN to secure the device. After so many incorrect entries, the device can be configured to erase all of the data on the phone.
One popular solution that IT departments are using is called the Prey Project. If a laptop, tablet or mobile device is stolen and the security PIN number has been breached, the Prey Project helps organizations recover their devices by installing a small, lightweight agent that allows organizations to track and monitor its whereabouts. The Prey Project also gives organizations the ability to remotely lock the screen, take a picture using the device’s camera, or find the device on a map using the geolocation feature.
Other Physical Security Tactics
You should always use the baked-in data encryption features on the devices that you deploy.
For example, devices running Windows can utilize the BitLocker security feature to encrypt the hard drive of a laptop. Users would have to enter the BitLocker password to continue booting into the laptops operating system.
If your fleet of mobile devices consists mainly of laptops, consider buying a laptop lock for each of these devices. As employees move from location to location, they will be required to lock the laptop onto the desk in which they are using. This ensure that the device won’t be stolen if the employee happens to turn their back or walk away from the desk.
Tying it All Together
Depending upon your organization, a physical security breach could cost your business significantly more than just the value of the assets that you’ve lost. A physical security breach could harm your organization’s reputation, causing potential clients to shy away from using your services.
Begin training your employees on basic physical security practices so that they can become aware of the impact of a physical security breach. Always entertain employee feedback on these policies, as your IT department will be tasked with finding a comfortable medium between enforcing compliance standards and educating users on how to navigate the new policies.
Looking for advice on how to best implement your security policies within your business? Give BACS Consulting Group a call. We have plenty of experience in security services and would be happy to speak with you about the importance of updated data backup, what happens in a disaster recovery situation, or how best to protect your confidential information from finding its way into the wrong hands. We’re prepared to scale to meet your company’s needs, so even if your company grows, you can have the peace of mind that comes with your IT security growing right alongside you. Contact us by phone at (650) 887-4601 or online today!