Tag Archives: Getting Started with Information Security

Information Security and Physical Security

Photo Courtesy of http://www.flickr.com/photos/eprater/

Information security is often thought to be very technical in nature, and a lot of the time it is. After all, technology is exciting, and many people prefer to focus on firewalls, intrusion prevention systems and other state-of-the-art technologies. Physical security is an essential, often neglected aspect of information security, and it is every bit as important as the more technical aspects. If you neglect to implement adequate physical security measures, all of your other efforts can be in vain.

The following are the primary business risks if you fail to implement adequate physical security measures:

  • Disclosure of sensitive business information
  • Theft of your business assets
  • Financial loss for replacing assets
  • Loss of ability to use data that may be critical for sustaining ongoing operations (if no backups are available)
  • Negative publicity if the event is disclosed

So now that you agree it is important, what do you need to do? One of the first steps should be to perform a risk assessment so you can document and prioritize based on business risk. This helps you focus your efforts and decide how much you are willing to spend to mitigate certain risks. I will provide a sample risk assessment at a later date to serve as a template, but for now here are items to consider when implementing physical security.

Physical Security Things to Do At Your Business

  1. Control access to your business facility so that only authorized personnel are allowed inside. At a minimum, this should mean securing your business at least as much as you do your home. Use locked doors, security systems, and/or more advanced control mechanisms like building control devices.
  2. Secure rooms containing computer servers and networking equipment with an additional level of security. Ideally, physical access to these systems should be restricted to individuals who need to access them. In addition, a simple guest log-in book is a good way to document who is accessing a security-controlled room (of course, badge access control is even better, but it is all based on your cost/risk tolerance).
  3. Consider using a camera/DVR-based security system. I have not yet purchased one, but for under $400 I am looking to get one very soon, likely the Defender SN500. This set looks quite nice and is very cost effective for the additional protection it provides.
  4. Utilize cable locks for your desktops, laptops, projectors and network equipment. Physical theft is the greatest threat to these assets, so lock them down to get a little more secure.
  5. Lock up sensitive physical files in drawers or cabinets, and do the same with portable electronic media such as USB devices or CDs/DVDs.
  6. Make sure you follow our backup tips to ensure you do not lose critical data in the event of an environmental disaster such as a fire or flood.

Physical Security Things to Do on the Go

Laptop thefts are the biggest risk to your business assets while in transit. Follow these tips to make sure you minimize your likelihood of becoming a victim of laptop theft.

  • Place your laptop in your trunk immediately when leaving work for the day. A majority of laptops stolen from vehicles are stolen because they are visible, tempting targets for thieves.
  • Never leave your laptop unattended when it is not locked up. Keep an eye on it at all times much like you would a small child playing in the yard.
  • Consider utilizing a laptop recovery service if you will be storing sensitive information on your machine.
  • When traveling on a plane, never check a laptop; always carry it on yourself.
  • If you are in a hotel room, the best option is to lock your laptop in the in-room safe. The next best option is to use a cable lock to secure it to some furniture or shelving in the room. A last resort is to use the "do not disturb" sign and hide it as best you can, as recommended in these tips from Microsoft.
  • If you have to step away for even just a moment, ask a trusted person to keep an eye on it for you. If there is no one available, take it with you.

In summary, do not neglect physical security as part of your information security program. Doing so will leave you with a false sense of security and an incomplete protection program.

Information Security – Who Needs It? Restaurants Do!

Tino’s Greek Cafe, located in Austin, Texas, learned the hard way that negative information security exposure can get your business featured in unwanted headlines. Hackers compromised customer credit card data, and fraudulent charges were noticed by multiple customers who had recently eaten at the restaurant. That correlation allowed investigators to determine the commonalities involved and point to Tino’s as the probable link.

What can you do to avoid suffering information security ruin like the Greek Cafe? Review our information security top 10 list and help ensure your company is protected.

Information Security – Why is it Important?

Viruses, worms, hackers, and cyber thieves, oh my! The electronic universe is loaded with bad guys targeting you, your company, and your data. Computers and the Internet are such an important part of your business that you do not have the option to disengage or ignore the threat and hope it never affects your operations in a negative way. It is important to understand that there are people out there seeking to do you and your business financial harm, and then to take the necessary preventative measures to minimize your chances of becoming a victim.

In the early days of the internet, viruses and worms were primarily nuisances that caused minor annoyance, and hackers defaced web sites for “bragging rights”. Those days are gone now, and more advanced criminals have focused their attention on online crime because it is lucrative and minimizes their chances of being caught and imprisoned compared with more traditional criminal enterprises. Businesses that have been victimized often fail to report the crime for fear that the negative publicity will do more reputational harm than the incident itself.

Our mission at Informationsecurityhq.com is to help build awareness of the threats facing your business and offer practical solutions that can be implemented to help minimize the likelihood that you will become a victim.