Five Simple Physical Security Tips to Enhance Cyber Security

Not all attacks emanate from the web. Here are a few tips to secure your physical data.
By Chris Holden, Information Security Consultant, on behalf of Cysec-Rco Co.
It should be obvious to everyone that an organisation needs physical security (locks on the doors, alarms, CCTV) to keep unwanted elements out. It should also be obvious that physical security can and should be used as part of your cyber security measures, as one of the weaknesses in any network is physical access to hardware.
The most obvious measures are simple things like locking servers, switches and routers into a separate room in locked cabinets, ensuring robust visitor access control, etc. The larger the business, the more sophisticated the security measures can be – but of course biometrics or card/badge access controls cost money and can be beyond the budgets of smaller businesses. However, here are some simple and cost-effective tips that businesses big or small can put into practice to mitigate some physical security vulnerabilities:
1. Lock Media Away
By far the most cost-effective measure to implement is locking away backup media. Having servers locked away is made pointless if backup media is left out, unsecured, nearby. The same goes for other media owned by the organisation – CDs, DVDs and USB thumb drives. All should be under lock and key when not in use. Backup media should ideally be kept in a safe, or at least a locked cupboard. Other media can be kept in locked desk drawers.
Leaving media containing company data lying around is an invitation for someone unauthorised to take it. Of course, encryption should be used too: that way, if media is lost or stolen, the data should remain secure.
2. Train Your Staff
Train staff to discourage shoulder surfing/visual hacking and to lock their computers/devices whenever they are away from them. Looking over someone's shoulder is an old-fashioned but easy way to get a user's password, and it still works! Similarly, shoulder surfing is an effective way to view confidential data.
Make it company policy that no unattended computer is left unlocked. Leaving a machine unlocked and unattended is an invitation to the unauthorised to poke around. Even if there is no nefarious intent, there is the risk of accidental deletion or alteration of data.
3. Disconnect Unused Ethernet Ports
Do not leave any unused Ethernet ports connected to a switch. An empty port can have a device plugged into it, and if it is live your internal network could be accessed. Be leery of having a VOIP phone in an area where visitors are left unattended. It can easily be unplugged and its Ethernet port used. Even if that Ethernet port is locked down to the device’s MAC address, it is very likely that the device will have its MAC address printed on it somewhere. If the MAC address is known, it can be spoofed.
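As an added illustration (not part of the original article), the check below turns the advice above into something a network administrator can run: it scans an interface status listing and reports ports that are enabled but have nothing plugged in, plus live ports in areas where visitors are left unattended. The column layout of the sample listing is constructed to resemble common switch CLI output and is an assumption, not output from any real device.

```python
import re

# Constructed sample resembling a typical "interface status" listing.
# The column layout is an assumption; adapt LINE_RE to your switch's output.
SAMPLE_STATUS = """\
Port      Name            Status       Vlan  Duplex Speed  Type
Gi1/0/1   file-server     connected    10    a-full a-1000 10/100/1000BaseTX
Gi1/0/2   reception-voip  connected    20    a-full a-100  10/100/1000BaseTX
Gi1/0/3                   notconnect   10    auto   auto   10/100/1000BaseTX
Gi1/0/4                   disabled     10    auto   auto   10/100/1000BaseTX
Gi1/0/5   meeting-room    notconnect   10    auto   auto   10/100/1000BaseTX
Gi1/0/6   printer         connected    10    a-full a-100  10/100/1000BaseTX
"""

# Port, optional description, then the status keyword and VLAN.
LINE_RE = re.compile(
    r"^(?P<port>\S+)\s+(?P<name>.*?)\s*"
    r"(?P<status>connected|notconnect|disabled|err-disabled)\s+(?P<vlan>\S+)"
)


def audit_ports(status_text, public_area_ports=frozenset()):
    """Audit an interface status listing.

    Returns a dict with two lists of port names:
      live_unused      - enabled ports with nothing plugged in (shut these down)
      public_area_live - live ports in areas where visitors are left unattended
    """
    live_unused, public_area_live = [], []
    for line in status_text.splitlines()[1:]:  # skip the header row
        m = LINE_RE.match(line)
        if not m:
            continue
        port, status = m["port"], m["status"]
        if status == "notconnect":          # live, but nothing connected
            live_unused.append(port)
        if status != "disabled" and port in public_area_ports:
            public_area_live.append(port)
    return {"live_unused": live_unused, "public_area_live": public_area_live}


if __name__ == "__main__":
    # Gi1/0/2 is the reception phone; Gi1/0/5 is a meeting room (assumed locations).
    report = audit_ports(SAMPLE_STATUS, {"Gi1/0/2", "Gi1/0/5"})
    print("Live but unused ports (shut down):", report["live_unused"])
    print("Live ports in unattended areas:   ", report["public_area_live"])
```

Ports reported as live but unused should be administratively shut down rather than merely left unpatched; a disabled port is the only one the audit treats as safe.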
4. Physically Protect Hardware
Servers and switches might be under lock and key, but what about other hardware? Consider using cable locks, or even case locks or full enclosures, for desktop machines that store or handle sensitive data (and especially for any upright servers your organisation might have), because if data is the target, HDDs are easier to steal than whole machines.
USB port blockers are a cost-effective physical security option to stop anyone unauthorised (including your own staff) from plugging in USB devices that might pose a threat.
5. Control Your Trash
Dumpster diving is another old-fashioned way to gather sensitive data such as phone numbers and email addresses – and it still works. Don't leave recycling bins to get full before dealing with them; empty them regularly. Sensitive documents should be cross-cut shredded, as straight-shredded documents can be put back together reasonably easily with patience. Always dispose of old optical media, backup media and USB thumb drives carefully. Securely wipe and degauss old HDDs before discarding them. You don't want media to end up where it can be found and your data exposed.