Did you know that one of the most often looked over aspects of IT security is actually Physical Security? With today’s complex threats, physical security has unfortunately taken a back seat…
As few as 15 years ago, if you mentioned security to someone in the business world, they would immediately think about alarm systems, badge readers and door locks. The focus today is on logical security — threat management, breach detection, intrusion prevention, etc. With the threats we face today from all over the world, logical security is very important. Physical security has unfortunately been relegated to the realm of secondary concerns.
According to csoonline.com “the world of CISSP certification, physical/environmental security has historically been one of the nine domains. As of 2015, it was combined with another domain that includes other items, further evidence of its diminishing importance in the minds of many security experts.” With physical securities role being diminished, in regards to the most sought-after technology security certification, the public has shown that they are starting to overlook it as a concern. However, I know that physical security is still of vital importance to information security, and is dangerous to overlook.
Whether it be through an open lobby where a person can walk into the business directly without someone to stop them, an unlocked data center where an intruder could get to your IT systems without anything stopping them, poorly secured doors, lack of surveillance, or inadequate intruder detection a person could cause havoc, steal valuable information, or gain full time access to your network without anyone even noticing. Many times the first instance of a foothold on a network comes from a form of physical breech. A company will spend hundreds of thousands of dollars securing their network perimeter but will leave computers unlocked and servers sitting on a shelf out for people to gain access to. All it takes is one person to have access to a server for less than 30 seconds and your entire business could potentially be taken offline or worse have all valuable information regarding the business and clients looted.
It sounds scary but it is the truth, overlooking your physical security at your business puts you at great peril.
It is always a wise idea to put defensive measures in place wherever possible, install doors and locks to prevent access to computers, enable screensavers that require passwords to unlock computers, enforce the Windows+L shortcut (Lock computer) when people leave their computer. Install security cameras such as Verkada cameras anywhere valuable information is stored. Even if the server room is locked there should be a camera located in it, looking at your servers.
If you want a physical security assessment please feel free to contact us and we will be happy to assist you in getting your physical security in order, whether it be through security controls or cameras we are specialized in finding weaknesses and teaching you how to counter them.
We stand by ready to help you keep your technology safe.