Air-Gap

Improving your organization’s physical security

Home »  Security »  Improving your organization’s physical security

Improving your organization’s physical security

In the mad dash to combat hacker and the growing number of cyber security threats, many organisations are forgetting to secure their own front door! While the majority of attacks against businesses originate online and normally are non targeted, physical attack’s do happen and can have devastating consequences if safeguards aren’t in place.

You don’t need to turn your office into Fort Knox to be secure! The following tips can greatly increase the difficulty of an attacker compromising your building.

Enforce a sign in policy for visitors

  • All visitors into your building should be signed in at reception. This ensures you have a record of who is in the building at all times and who they are visiting.
  • Always ask for Photo ID of new visitors to confirm their identity, and ask who they are visiting and the purpose of their visit. If you have any suspicious about the person, don’t be afraid to question them further and confirm with the staff member was expecting someone.
  • Consider using a digital visitor system instead of a paper visitor book. Not only does this give a good impression to visitors, it ensures personal information from other visitors isn’t on display or can be stolen, provides real-time data as to who is in the building and can provide alerts if someone is banned from the premises.
  • Visitors should be required to wear a visitors badge at all times and be escorted around the building by a staff member.
  • Ensure staff enforce that all visitors must sign in and vigilant of people trying to sneak in via alternative entry points.

Keep IT infrastructure and sensitive information out of sight

  • Computer in high traffic areas should be out of sight such as under desk to prevent tampering, like plugging in a USB stick without the operators knowledge.
  • Networking equipment should be in a locked cabinet
  • Disable unused network points and enable port security features such as mac address filtering.
  • Be aware of what the visitors can see when roaming around the building: Nearby computer screens, whiteboards, documents left on desks.

Computer Equipment must be password protected

It sounds basic and low-tech, but a open computer is a gold-mine for even a novice attacker to exploit.

  • All computers should be password protected with a non generic password
  • Passwords should not be written down on a sticky note next stuck to the screen or on the bottom of the keyboard. Honestly it happens more than you think!
  • Enforce a policy that all workstations must be locked if the user is moving out of arm’s reach.
  • Computer should be set to timeout and require a password if inactive for 15 minutes.

Clean Desk Policy

Clean desk policies can seem pedantic, but they have a valid purpose beyond just keeping a neat appearance. Cluttered desks significantly increases the risk of data-loss and misplacement of sensitive information.

  • When leaving the workplace temporarily all visibly sensitive documents should be filled or removed from sight and the workstation locked.
  • Each task’s paperwork and documentation should be filed away before starting the next
  • At the end of each day all sensitive documents, portable equipment such as laptops, security tokens, USB keys and directories should be locked away. All unneeded notes, paperwork and rubbish should be securely disposed of.

CCTV, security systems and motion lighting

  • All entry points into the building should have exterior CCTV cameras, it’s not overly expensive nowadays for a digital setup which can clearly capture faces and number plates. Even something as simple as a $50 IP camera at reception is a huge deterrent.
  • Your building should have a multi-zone alarm system with 3G backup which sends a message to a nominated number on activation. An attacker or burglar can do far less damage if they only have 10 minutes than all night if your not aware someone else in the building.
  • Motion activated flood lights should be installed on all entry/exit points. Paired with cameras it can really turn a stealth entry into a public affair.

Beef up your exterior protection

  • Installing metal plates over the gap between the door and frame offers moderate protection against being forced open with a crowbar
  • Consider installing plastic guards over door handles and lock tabs to prevent an attacker using a piece of wire or tools to unlock the door.
  • Security films can be excellent deterrent for would be attacks for a fraction of the cost of replacing windows. This holds the window together and prevents it instantly shattering when smashed with a object and can significantly slow down an attacker.
  • Prune large plants around the building and car park which could conceal an attacker

Implement Keyless entry cards

Key-cards can seem like unneeded high-tech junk for a small business, but it serves a valid purpose.

Unlike a traditional keyed locks, a key-card can be tracked down to who opened what door at a certain time. If a access card is lost, compromised or an employer has left the card can be disabled.

Keep an inventory of equipment

One of the first signs of a security breach is missing equipment. Without a regular inventory and asset register you may never realize the full extent of the incident.

A register can help you establish exactly what items are missing and provide in depth details on  ownership, serial numbers and a indication of what information may have been compromised. Checkout our article 10 reasons why you should be using asset registers to see more important reasons why.

Secure Disposal of documents and old IT equipment

What goes into the building, often gets thrown out!

Staff Training

Your staff are often the first point of contact with attacks, quality training can allow them to identify and avoid situations which don’t quite look right

  • Provide education on common social Engineering techniques (phone, email, in person)
  • Instruct staff to not plug in lost USB keys which may have been found on the premises, they may have deliberately been left there!
  • Educate staff on the email phishing, checkout our guide How To Spot Phishing Emails

Regularly Perform An Audit

Inspecting your premises and checking to see if staff are following the correct procedures on a regular basis is core part of maintaining a secure environment.
At-least on a monthly basis you should be checking that:

  • Check all external windows, doors, locks  lights and security measures are in good condition
  • Check all cameras are recording correctly and producing a good image
  • Inspect all computers and networking equipment for tampering
  • Review staff compliance of security policies: Leaving computers unlocked, sensitive information on desk, correct completion of visitor logs<
  • It’s also a good time to check your backups, including your offsite one

Does your organisation need help improving or reviewing their security?
Drop us a line on 1300 733 240 or send us message to get in contact

What ways do you keep your premises secure? Leave us a comment below

Leave a Reply

Your email address will not be published. Required fields are marked *