Last week we covered the basics of cybersecurity best practices. This week we’re shifting gears to focus on physical security around the office. While digital defenses like firewalls and antivirus software are critical, the physical security of devices and workspaces is just as important.
Don’t let seemingly small vulnerabilities like unlocked computers or sensitive documents left out allow attackers to gain a physical foothold in your business. Follow these tips during Cybersecurity Awareness Month to implement access control and lock down the physical security of your organization.
Lock Computer Screens
Whether it’s going to grab coffee or running to the bathroom, make locking your computer an ironclad habit anytime you step away from your desk.
Leaving your computer unlocked provides an opportunity for anyone walking by to access company data or confidential customer information. Or if you have remote access enabled, an unlocked screen gives hackers a doorway to slip right in.
Enabling automatic screen locking that requires a password after just 5-10 minutes of inactivity is a simple step to shut this door. No matter how brief the absence, get into the routine of manually locking your screen as well.
Caution staff against ever leaving their computers logged in overnight. At the end of the day, employees should fully log out so that credentials are required to access the system again.
Securely logging out prevents the risk of unauthorized activities occurring under an employee’s account when they are away for an extended time.
Secure Devices When Not in Use
Laptops, tablets, and mobile phones should be safely secured when not actively being used during the workday. These portable devices contain huge amounts of sensitive company data.
If left unattended on desks, in conference rooms, or in vehicles, they can easily be stolen and lead to a security breach.
When portable devices are not actively being used, employees should securely lock them in drawers, cabinets, closets, or lockers to safeguard them. This physical security measure removes the enticement for quick grab-and-go thefts.
Never leave laptop bags, tablets, or other mobile devices visibly sitting out on desks when away, even for a few minutes. The risk is too high.
Caution staff against leaving portable devices in vehicles. If absolutely necessary, lock them in the trunk or glove box out of sight to mitigate potential access.
Securely storing devices when not in use is a straightforward way to eliminate easy targets for criminals seeking to steal confidential corporate data.
Avoid Writing Down Passwords
It may seem like an easy way to remember complicated passwords, but writing them down on paper is a major security no-no.
Notebooks, whiteboards, calendars, sticky notes, and other physical places where passwords can be recorded must be avoided at all costs.
These vulnerable analog password stores are easy targets for criminals if found. And it is all too common for jotted-down passwords to be left out in the open or disposed of without being shredded.
Verbally sharing passwords with other employees to avoid writing them down carries just as much risk, in the form of social engineering.
If passwords must be stored digitally, secure password manager apps protected by a strong master password are the only acceptable option to control access.
Ban openly visible written passwords in the office during Cybersecurity Awareness Month. They are an unnecessary vulnerability that undermines other careful security efforts.
Keep Sensitive Info Out of Sight
When visitors come on-site, sensitive physical documents need to be secured. Customer records, business plans, equipment manuals, and other confidential papers should be safely locked up.
Desks should be cleared of any visible documents containing private customer or employee data when guests are touring the office.
Whiteboards and posters with sensitive information should be removed from public sight. Lock file cabinets, server racks, and storage rooms to prevent unauthorized physical access.
If contractors are performing work on-site, tightly limit their access to only necessary areas. Closely supervise them any time they must enter secure rooms.
Collect staff security badges, keys, access cards, and any other physical security items so they are not left out for guests to see. Never openly display credentials that would help outsiders navigate the office.
With a few simple steps, you can avoid leaving enticing sensitive documents or access items lying around for visitors or intruders to take advantage of.
Report Lost or Stolen Devices Immediately
Promptly reporting lost or stolen devices allows accounts to be immediately secured before data falls into the wrong hands.
The longer a mobile device is missing before being reported, the greater the danger grows. Criminals can use the interim to begin probing for a way into networks using the device as a gateway.
If a laptop, tablet, or mobile phone containing corporate data appears to be lost for good, remotely wiping or locking the device should be done ASAP. This renders the physical device useless to attackers.
Staff must understand the importance of immediately informing the IT security team about any potential device losses. This rapid incident response can stop criminals before company data is compromised.
Prioritize Physical and Cyber Security
While cyber threats are usually more top of mind, physical vulnerabilities can be just as dangerous. Put physical security in focus this Cybersecurity Awareness Month.
Simple diligence around locking idle computers, securing devices, protecting written passwords, keeping sensitive documents secured, and reporting missing equipment can close glaring holes.
Empower employees to take an active role in shrinking the attack surface. A little physical security goes a long way toward blocking nefarious physical infiltration.
Evaluate your current physical security system and procedures to identify potential weaknesses. Are your cyber and physical access control systems integrated? How could you better safeguard against social engineering risks or mitigate natural disaster impacts?
Protecting critical infrastructure in today’s connected world requires locking down both digital and physical vulnerabilities. What steps will you take this Cybersecurity Awareness Month to strengthen your defenses? Stay safe out there!