What do you think of when we say the word security? Most people only think of locks, safes, theft alarms, encrypted codes and uniformed guards. Physical security is a crucial aspect of any security agenda and is fundamental to all security efforts. When it comes to information systems, many organizations overlook the importance of securing the network and its various components at the basic, physical level. While physical security measures are not the only safety precautions that need to be taken when trying to secure anything — when it comes to information technology, they are a perfectly logical and a serious aspect, to begin with.
Physical security refers to the protection of personnel, hardware, software, networks, data information from terrorism, vandalism, theft, man-made catastrophes, natural disasters and accidental damage (e.g., from electrical fluctuations, variations in temperatures, high humidities, heavy rains and even spilled coffee) that could cause serious damage to any institution.
The following 10 countermeasures are some of the most essential physical security measures that should be implemented in any organization as a part of their security plan.
Physical Security Measures
Security for Your Doors
Are your server room doors locked? You should also ensure that there are good locks on the server room door. Some necessary prerequisites need to be checked with respect to securing the server room.
- The room should have low visibility. Don’t announce what’s in the room by putting up signs. For instance — “confidential, sensitive and expensive equipment here”.
- The room should have high walls and fireproof ceilings and not too many windows.
- Appropriate authorities should only be given access to the room and the physical networks inside. If there’s any breach, each compromised lock should be changed.
- Consider using alternative strategies like window bars, anti-theft cabling, motion detectors and magnetic key cards.
Monitoring and Surveillance
Are the physical security staff trained to maintain a log book? An up-to-date list of all security personnel authorized to access sensitive areas should be kept. Unless pre-authorized, never allow equipment to be moved or serviced. The service personnel should produce an authentic work order or provide necessary photo ID for verification. Logs of all such activities should be maintained.
Also, locking measures taken for the server room is a great first step, but someone could always breach the security, or someone who has authorized access could take undue advantage of that authority. You can have an authentication system incorporated like a smart card, token, or a biometric scan which will be required to unlock the doors and simultaneously make a record of the identity of each person who uses the premises. Motion detection technology and video door surveillance cameras can also be really helpful for monitoring and surveillance.
Keep the Network Devices in the Secured Room
The servers are to be protected, but it’s not just the that you have to worry about. A hacker can use a laptop to connect to the wireless network hub and use a packet analyzer or a sniffer software to intercept and capture data transmitted across the network, decode it and make it readable. Ensure that whichever devices that function on that network are kept in the same locked room. If they are required to be kept in different areas, then make sure they are kept in a secured closet.
Use Rack-Mount Servers for added Physical Protection
Rack-mounted servers not only save you the physical space, but they are also easier to secure. They contain multiple mounting slots called bays, each designed to hold different servers and can then be bolted and screwed, making the entire system quite difficult to displace — this reduces the chances of theft majorly.
Keep a Check on the Work Space Security
Unoccupied desks, empty offices and front desks are quite vulnerable to a physical security breach. The doors of such empty offices should be locked even if it means temporarily during lunch time. Unoccupied desks are prone to theft and robbery, hence should be emptied when the person leaves the room. The devices kept unattended at open locations such as the front desk should be equipped with biometric scanning or a smart scan to prevent outsiders from unauthorized logins.
Use Case Locks
The servers and workspaces should be secured and protected from thieves who can open the device cases and steal the hard drives. Isn’t it much easier to carry a stolen hard disk drive in the pocket than a whole rack from the premises? Case locks should be used to lock the device’s external cases, such that it can’t be unlocked without a key.
Protect the Portable Equipment
Never leave anything unattended, especially any portable equipment like laptops especially. Hackers can use any device that’s connected to the wireless network to access or delete crucial and sensitive business information. Laptops and notebook computers pose a lot of physical security risks. A burglar can easily steal the entire system, including any and every data stored on its hard disk as well as all the network login passwords that may have been saved and stored. To prevent the same, the workers should take the devices with them when they leave or lock them with a cable lock. The smaller devices like handheld PCs or notebooks can be locked in a drawer.
Save the Backups
Backing up all the data is the first step to be done every day to smoothen out the consequences of any disasters. Now saving and securing the backup drive is also very crucial. With the threats of burglary, information theft, natural disasters etc., the storage of these discs play a very important role. Most often, the majority of the admin guys keep it beside the server systems in the same room. They should be locked in a drawer or safe in such cases. The ideal situation would be to keep them somewhere off-site and protect them.
Disable the Ports
Many organizations disable the USB serial ports on the company devices which they provide to the employees. This to prevent the transfer of any company-related sensitive and crucial information to any removable device. Not only USB ports, but sometimes even floppy disks and CD ports are disabled for the same purpose.
Protect Your Output
The use of output devices like printers, fax machines, scanners and photocopy machines should be heavily monitored. You wouldn’t want employees to see other business-related sensitive and confidential information when they’re waiting to get their documents printed/faxed or scanned. All such information must be labeled accordingly and should be dumped without being shredded. If a hacker gets access to a company printer and accesses the onboard memory, he/she may be able to make duplicates of recently printed documents. Thus, such devices are best to be kept in secure and locked premises.
How Can We Help
Now deciding which recommendations to adopt as per your organizational needs is the call you need to take. An accurate risk assessment will aid you with the information required to make efficient decisions. DMAC Security is a security guard agency that maximizes your physical security. We optimize our solutions at every level to provide services at low costs, assist customers with tailored needs and requirements while maximizing innovation and productivity/return for them. Enjoy peace of mind while we protect your business.