Improving your organization’s physical security
In the mad dash to combat hackers and the growing number of cyber security threats, many organisations are forgetting to secure their own front door! While the majority of attacks against businesses originate online and are normally non-targeted, physical attacks do happen and can have devastating consequences if safeguards aren’t in place.
You don’t need to turn your office into Fort Knox to be secure! The following tips can greatly increase the difficulty of an attacker compromising your building.
- All visitors into your building should be signed in at reception. This ensures you have a record of who is in the building at all times and who they are visiting.
- Always ask new visitors for photo ID to confirm their identity, and ask who they are visiting and the purpose of their visit. If you have any suspicions about the person, don’t be afraid to question them further and confirm with the staff member that they were expecting someone.
- Consider using a digital visitor system instead of a paper visitor book. Not only does this give a good impression to visitors, it ensures personal information from other visitors isn’t on display and can’t be stolen, provides real-time data as to who is in the building and can provide alerts if someone is banned from the premises.
- Visitors should be required to wear a visitor’s badge at all times and be escorted around the building by a staff member.
- Ensure staff enforce the rule that all visitors must sign in, and that they are vigilant for people trying to sneak in via alternative entry points.
Keep IT infrastructure and sensitive information out of sight
- Computers in high-traffic areas should be kept out of sight, such as under a desk, to prevent tampering such as someone plugging in a USB stick without the operator’s knowledge.
- Networking equipment should be in a locked cabinet.
- Disable unused network points and enable port security features such as MAC address filtering.
- Be aware of what visitors can see when roaming around the building: nearby computer screens, whiteboards, documents left on desks.
Computer Equipment must be password protected
It sounds basic and low-tech, but an open computer is a gold mine for even a novice attacker to exploit.
- All computers should be password protected with a non-generic password.
- Passwords should not be written down on a sticky note stuck to the screen or on the bottom of the keyboard. Honestly, it happens more than you think!
- Enforce a policy that all workstations must be locked if the user is moving out of arm’s reach.
- Computers should be set to time out and require a password if inactive for 15 minutes.
Clean Desk Policy
Clean desk policies can seem pedantic, but they have a valid purpose beyond just keeping a neat appearance. Cluttered desks significantly increase the risk of data loss and misplacement of sensitive information.
- When leaving the workplace temporarily, all visibly sensitive documents should be filed or removed from sight and the workstation locked.
- Each task’s paperwork and documentation should be filed away before starting the next.
- At the end of each day all sensitive documents, portable equipment such as laptops, security tokens, USB keys and directories should be locked away. All unneeded notes, paperwork and rubbish should be securely disposed of.
CCTV, security systems and motion lighting
- All entry points into the building should have exterior CCTV cameras. A digital setup which can clearly capture faces and number plates is not overly expensive nowadays. Even something as simple as a $50 IP camera at reception is a huge deterrent.
- Your building should have a multi-zone alarm system with 3G backup which sends a message to a nominated number on activation. An attacker or burglar can do far less damage if they only have 10 minutes than if they have all night because you’re not aware someone else is in the building.
- Motion-activated flood lights should be installed on all entry/exit points. Paired with cameras, they can really turn a stealth entry into a public affair.
Beef up your exterior protection
- Installing metal plates over the gap between the door and frame offers moderate protection against the door being forced open with a crowbar.
- Consider installing plastic guards over door handles and lock tabs to prevent an attacker using a piece of wire or tools to unlock the door.
- Security films can be an excellent deterrent to would-be attackers for a fraction of the cost of replacing windows. The film holds the window together and prevents it instantly shattering when smashed with an object, and can significantly slow down an attacker.
- Prune large plants around the building and car park which could conceal an attacker.
Key-cards can seem like unneeded high-tech junk for a small business, but they serve a valid purpose.
Unlike traditional keyed locks, key-card use can be traced to who opened which door at what time. If an access card is lost or compromised, or an employee has left, the card can be disabled.
Keep an inventory of equipment
One of the first signs of a security breach is missing equipment. Without a regular inventory and asset register you may never realize the full extent of the incident.
A register can help you establish exactly what items are missing and provide in-depth details on ownership, serial numbers and an indication of what information may have been compromised. Check out our article 10 reasons why you should be using asset registers to see more important reasons why.
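As an added illustration (not part of the original article), here is one way to reconcile an asset register against what was physically sighted during an inventory, reporting missing items along with their owner, serial number and the data they held. The CSV columns, asset tags and sighting list are constructed for the example and are assumptions, not a format the article prescribes.

```python
import csv
import io

# Constructed sample register; tags, serials and owners are made up.
REGISTER_CSV = """\
asset_tag,serial,type,owner,data_held
A-001,SN1001,laptop,J. Smith,customer records
A-002,SN1002,desktop,Reception,visitor log
A-003,SN1003,usb key,Finance,payroll exports
A-004,SN1004,switch,IT,none
"""

# Constructed audit result: (asset_tag, serial) pairs sighted on a walk-round.
SIGHTED = [("A-001", "SN1001"), ("A-002", "SN9999"),
           ("A-004", "SN1004"), ("A-077", "SN7700")]


def load_register(text):
    """Index the register by asset tag."""
    return {row["asset_tag"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(register, sighted):
    """Compare the register with what was physically found."""
    seen = dict(sighted)
    report = {"missing": [], "serial_mismatch": [], "unregistered": []}
    for tag, row in register.items():
        if tag not in seen:
            report["missing"].append(row)  # possible theft or loss
        elif seen[tag] != row["serial"]:
            report["serial_mismatch"].append((row, seen[tag]))  # possible swap
    for tag, serial in sighted:
        if tag not in register:
            report["unregistered"].append((tag, serial))  # unknown device on site
    return report


def summarise(report):
    """One line per finding, with the details an incident review needs."""
    lines = [f"MISSING {r['asset_tag']} ({r['type']}, serial {r['serial']}, "
             f"owner {r['owner']}): data held = {r['data_held']}"
             for r in report["missing"]]
    lines += [f"SERIAL MISMATCH {r['asset_tag']}: register {r['serial']}, found {s}"
              for r, s in report["serial_mismatch"]]
    lines += [f"UNREGISTERED {t} (serial {s})" for t, s in report["unregistered"]]
    return lines


if __name__ == "__main__":
    print("\n".join(summarise(reconcile(load_register(REGISTER_CSV), SIGHTED))))
```

A serial mismatch or an unregistered device is worth the same attention as a missing item, since either can indicate equipment that has been swapped or added without authorisation.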
Secure Disposal of documents and old IT equipment
What goes into the building often gets thrown out!
- Ensure all sensitive documents are shredded or destroyed before being disposed of in the trash.
- Computer equipment should be sanitised before disposal. Check out our article ‘What Secrets are you giving away with your old it equipment’ to learn more about how to safely dispose of equipment.
- Provide education on common social engineering techniques (phone, email, in person).
- Instruct staff not to plug in lost USB keys found on the premises; they may have been left there deliberately!
- Educate staff on email phishing. Check out our guide How To Spot Phishing Emails.
Regularly Perform An Audit
Inspecting your premises and checking that staff are following the correct procedures on a regular basis is a core part of maintaining a secure environment.
At least on a monthly basis you should:
- Check all external windows, doors, locks, lights and security measures are in good condition
- Check all cameras are recording correctly and producing a good image
- Inspect all computers and networking equipment for tampering
- Review staff compliance with security policies: leaving computers unlocked, sensitive information on desks, correct completion of visitor logs
- It’s also a good time to check your backups, including your offsite one
Does your organisation need help improving or reviewing their security?
Drop us a line on 1300 733 240 or send us a message to get in contact.
What ways do you keep your premises secure? Leave us a comment below.