Solid Cybersecurity? Don’t Forget Physical Security!
Thursday January 28, 2021
Last year several of our articles were about cybersecurity. That was intentional, considering how widespread and ever changing the cyber threats are that we face today. Similarly, our project teams spent a significant portion of their time on maintaining, reviewing, and improving the cyber security of our clients.
With every one of those cyber security efforts, we also review the physical security of the installation. Having been at this for many years now, we often find it surprising how some organizations are diligent on their electronic cyber security, while not giving the same attention to their physical security. More than once we have left meetings discussing cyber security to find servers in unlocked rooms, consoles left logged in, and drives and flash memory sitting around within arm’s length.
The good thing is physical security is easy! Much easier than cybersecurity. Follow these simple tips, which we’ve organized from the most obvious to most obscure, to be sure your highly fortified virtual perimeter isn’t circumvented with the push of a door.
- Locked Door
If you are concerned about cyber security, then you need a locked door to your core IT equipment.An access card that records who and when is best, but a $20 deadbolt is 100% better than nothing.This simple security measure can stop casual theft (or the suspicion of theft) of small equipment that could hold valuable data, access to your servers by unauthorized staff or intruding outsiders, or even a more nefarious direct installation of Malware to steal data.Moreover, in a nighttime break-in, a locked door may make the difference in the thieves bypassing the server room and going for other easier targets.
- Locked Cabinet
If you purchased a server cabinet, sometimes referred to as a 4-post rack, they usually come with a key.Lock it.It won’t stop a determined criminal, but it raises the effort that much more, and will stop casual or curious access to the components.
- Security Cameras
Security systems used to be involved and expensive.No longer.You can get security cameras for as low as $29 which will tie into a $199 surveillance system controller that can be installed in minutes. Not only will this record who enters your server room and what they do, but it may give you a few minutes warning (especially if the cabinet is locked) to take action.
- Alarm System
A good alarm system typically goes hand-in-hand with a good surveillance system.Besides alarming to after-hours business access and automatically alerting authorities, they can also be set to alarm on unauthorized server room access during business hours.
- Destroy Old Disk Drives
Unless you are absolutely sure nothing of value is on a disk drive (and has never - it’s easy to undelete data), never throw out or e-waste old drives. Instead, have the disk either wiped (e.g., using a standard like DoD 5220.22-M) or physically destroyed. Usually, it is much cheaper and quicker to physically destroy a drive than electronically wipe it.
- USB drives, both old and found
Same goes for old USB drives. A couple solid whacks with a hammer will usually do the trick.Of course, never put a USB drive you find laying around into your computer – that is an old trick by cybercriminals to get easy and deep access to your systems.
- Ideal Timeouts
To prevent someone from accessing an open workstation and typing away, set an Idle timeouts on all your servers and computers to bring up a locked screen that requires the user to log in again to unlock it.Set them so they will not interfere with your work, but don’t leave an available session for too long either.Usually, 10 or 15 minutes is a good value.Of course, to eliminate this threat even more, you should train your staff to have them lock the screen when they step away (Hitting the Windows-L key combo will do this instantly.)
- Encrypted disks
Even if a criminal cannot log into a computer, they can easily just pull your drive, plug it into another computer, and directly access the data on it.Unless you have it encrypted!If your computer is running Windows 10 Pro, you can use Bitlocker to simply and quickly encrypt your entire disk.You should always do this on laptops, and desktops too if they contain sensitive data.Just be sure you have the Bitlocker key printed or saved elsewhere (such as a safe); otherwise you could lose access too.
- Laptop Security Cables
If you tend to use your laptop at coffee shops or in other public places, a $40 security cable is a great add-on.A combination lock that is easy to connect and disconnect, it essentially makes your laptop a part of whatever it is tethered to.This more or less eliminates the possibility of grab and run theft.
Almost all printers have non-volatile memory in them. Hence, they may retain copies of the last documents sent to them.If all you print are news articles, no worries.But if you are printing financial or other confidential information, you want to remove the memory modules and destroy them before you e-waste that old workhorse.
If you implement the above, you can rest much easier at night knowing that your physical IT is well defended.
CEO & Founder