Because of the rapid growth in cyberattacks, physical security is often overlooked by the information security industry. There are still many threats to physical security that a company must address. A study done by Ponemon and Shred It found that 68% had suffered data breaches within the past 12 months. 71% of those in the healthcare sector had experienced data breaches due to the loss of paper documents or devices. A joint study of John Hopkins University and Michigan State University revealed that 53% data breaches were due to internal factors such as unauthorized access, improper disposal, or hackers. This would lead you to believe that companies would prioritize physical security of assets. However, it is often not the case. According to Morphean, 77% of IT managers said that their company’s physical security was not optimized. It doesn’t matter if the breach was caused by internal or external factors. The point is to make sure that all company assets are properly protected and managed. This article will highlight the top physical security threats that you should be aware of and the best ways to reduce them in your company.
Security Risks
Unauthorized access: This simply means that someone has access to areas and facilities within your company they shouldn’t have. This is important because if someone has access, it can lead to many problems. They might be able to pretend to be an employee, ask for confidential information about your company, take documents that contain important information, and steal ID cards that allow access to other areas of your company.
Unsanctioned Disposal: Any document containing confidential information must be destroyed in a safe manner. People who have a vested financial interest in stealing company information will attempt to seize documents that aren’t properly disposed of. This is often referred to as dumpster diving. It is the act of digging into trash cans or dumpsters in search of important documents. This is a serious problem that can lead to data breaches in businesses. It is also a great source for money. There are people who use it as a full-time job.
Theft and Destruction of Documents and Devices A second important security risk is the theft or destruction of documents or devices with company information. These devices include mobile phones, laptops and servers as well as meeting notes, documents from employees, and other information. These items can contain sensitive information about the company, and need to be secured.
Unaccounted visitors: It is important to keep track of all who visited your location at any particular time. If something happens, you’ll know who it was. This helps ensure that all visitors are verified before they are allowed onto the property.
Workplace Violence: People should be considered the most valuable asset of a company and should be protected. This includes having proper controls to protect employees from both external and internal threats, such as sexual harassment, abuse of authority, threats or physical violence by higher-ranking staff.
Biohazards This covers emergency situations such as fires, earthquakes, and other hazards that could pose a threat to employees. To ensure employee safety, and minimize the business impact, you should have plans of action for major events in your area and business.
Common Physical Security Controls
Access Controls This includes smart cards and biometric checkspoints that allow authorized personnel to enter restricted areas. This usually involves a combination of a smartcard and a retinal scan or face scan. This is a common way of preventing people from entering areas they don’t need.
Razor (Barbed Wire), Fenced Walls: This provides physical security and marks the perimeter. It also prevents people from entering the area. The wire on top prevents anyone from scaling the fence/wall.
Surveillance Cameras & Sensors: These cameras and sensors can be used to record and track movements in high-security areas and areas around important areas of your company.
Guard dogs and security guards: These add human intelligence to your physical security. They are used to monitor cameras, verify IDs, and patrol areas.
Security Lighting Good lighting is essential for any building. It allows you to see better on security camera, but also allows security personnel to see better during patrols. This discourages people from sneaking around these areas.
Locks This refers to both traditional locks that are used for doors, but also locks that can be used on computers, laptops, and servers to make sure they cannot be removed easily. This allows for only authorized personnel to access sensitive company information. Cloud providers often keep servers physically isolated from other users and give keys only to certain employees who can open the cages and gain access to the server.
Fire Fighting Systems and Smoke Detectors: These systems detect and deal with fire in buildings. This is vital for the protection of human life and important systems within the company.
Secure Bins and Paper Shredders: Your workspace should have paper shredders. This will ensure that important documents can be shredded once they are no longer needed. You can also buy bins that you can put in and not take out. These bins are secure because they protect against dumpster diving.
Visible signs: Signs that indicate that certain areas have been monitored, are being patrolled, have guard dogs, or other similar information can be deterrents to outsiders.
Annual Security Audits:As an alternative to the Penetration Test for Cybersecurity, you can also perform physical security assessments. A regular assessment is where your company inspects your facility and points out areas that need improvement. Some companies will even try to gain unauthorized access into your company in order to determine how easy it would for another person to do the same. It is a good idea to do these at least once a year in order to stay current.
Emergency plans:Planning for an emergency is important in order to minimize damages. Common plans that you should have include those for natural disasters, fires, and common health issues such as a heart attack or armed shooters. These plans should outline the steps to be taken, who should take responsibility for what, and where people should go in an emergency. You should also make sure that the resources are easily accessible. For example, employees should have first aid kits in case of an emergency. Employees must be trained in these plans so they are ready to act in emergency situations. It is not enough to have the plan written on paper.
Training and Policies: Your company’s employee guidelines should contain clear policies. These policies should outline the acceptable behavior and the consequences for any violations. The use of drugs, alcohol, weapons, bullying, and harassment are all things that need to be addressed. These rules should be established and employees trained on them during onboarding and throughout their employment. Clear rules can prevent many workplace problems from ever happening.
Conclusion
The first security element for an organization is physical security. It is responsible for the safety and well-being of its employees. It doesn’t get as much attention as cyber security, which could lead to more financial losses for the organization. It shouldn’t be ignored, but it is important to know the options available to you to protect your company from these types of threats. Here is a list of statistics about workplace violence and safety.
