Physical Security

##Physical Security: What Is It And Why It Matters

Given the current climate in which everyone is worried about the potential of sophisticated hackers and cyber criminals who target sensitive data and information, Hackers can hack anything. That's how the saying goes. One of the significant vulnerable parts of your digital presence is something you think defends. I wanted to introduce you to a new and unique approach that focuses on physical protection over technology/software.

Physical security is more related to the military, not your home. However, physical security plays a prominent role in protecting your digital data and information from hackers, cybercriminals and other online threats.

According to many sources online, "Physical security describes security measures designed to deny unauthorised access to equipment, facilities and resources and to protect personnel and property from damage or harm."

##Cyber Security Begins With A Strong Physical Security

One particular class of risks to the organisation is physical security. Good physical security is necessary for a solid overall security plan. Unfortunately, too many IT security professionals dismiss physical security and focus only on technical security controls.

Continually assess the best security controls as part of your risk management program. You must ensure that all critical IT assets are physically secured as individuals or organisations.

Lapses in physical security can expose sensitive company information to identity theft, potentially serious consequences.

For example:

An employee accidentally forgets a flash drive on a restaurant table. When he gets back hours later to get it, the industry with hundreds of Social Security numbers saved on it is all gone.

Another employee throws stacks of old company bank records into a trash can, where a criminal finds them after business hours.

A burglar steals files and computers from your office after entering through an unlocked window.

Tayo left home without locking his working PC. On returning, he discovered his siblings had already tampered with it, and some confidential files were lost. So now the question is, Who is Tayo?

##How To Protect Equipments And Paper Files

We've all heard thieves stealing laptops, tablets, and cell phones with information and intellectual property. So whether you're a business owner, an employee of a business, or even a student trying to protect your information, it's important to remember ways you can protect your devices and their content.

Here are some essential tips for protecting information in flash drives and on hard drives, laptops, point-of-sale devices(POS), and other equipment.

Securely Store: When paper files or electronic devices contain sensitive information, store them in a locked cabinet or room. Security measures like screen locker and full disk encryption for your digital devices can be helpful. But don't be like Tayo.

Limit Physical Access: Physical devices limit physical access from unauthorized personnel. When records or devices contain sensitive data and information, allow access to those who need it.

Send Reminders: Remind employees to log out of your network and applications, put paper files in locked file cabinets, and never leave devices or files with sensitive information unattended.

Keep Stock: Keep track and secure devices that collect sensitive customer data and information. Only keep the device, files and data you need and know who has access to them.

Biometrics: This is a form of access control based on some physical characteristic, behaviour or action of an individual which can be used as access control of physical access.

Physical security is a critical component and element of any security program.

However, focusing solely on physical security can leave your organization vulnerable to attacks that do not require physical access. Security teams should take a layered or defence-in-depth approach to security to ensure that all possible attack points are accounted for and mitigated.

For example, most physical attacks require social engineering to occur before they can be executed. That is likely where your security efforts should focus, on educating your employees and finding ways to identify attacks and mitigate the risk before they materialize.