One of the most common types of security breaches comes from the physical data theft of company computers, devices and even the old stack of paper files.
Yet physical security awareness is almost non-existent. Here's how to ensure you don't miss this vital piece of security.
What does physical security awareness have to do with cyber security?
When thinking of cyber security, you might picture endless forms of technologies, processes and protocols fighting to keep our sensitive data away from the hands of online crooks. But thinking of cyber security as just a technological form of protection is exactly where many businesses are going wrong.
After all, one of the most common types of security breaches comes from the physical data theft of company computers, laptops, portable devices, electronic media and even the old stack of paper files.
And if you’re thinking about security guards and CCTV surveillance as all the steps you need for physical protection, then data theft will remain a major likelihood - not least due to the fact that these threats often stem from inside the business.
Intentional employee theft is a well-known repercussion during the run-up or sudden aftermath of an employee's position being terminated. Partner that with the unintentional side of an employee demonstrating a simple lack of security awareness, then your business is faced with a full circle of potential insider threats.
One company (Biscom) has researched the physical data loss associated with employee-related cyber security breaches, finding that:
- 85% of employees admit to taking company documents and information they had created;
- 30% of employees admit to taking company documents and information they had not personally created.
So how can your business ensure physical security awareness?
#1 Implement Access Control
Let’s start with the outside. Keeping external threats as exactly that is one of the most effective ways of ensuring your company’s physical security. Don’t just rely on the old lock and key approach of controlling who gets in and out - access control cards are much more effective.
Put it this way, someone wanting to duplicate an access control card is going to have a hefty chunk of work cut out for them in comparison to visiting the key cutters just down the road. Further to that, any person you might want to remove access privileges from is now a task that can be done instantly - without changing locks or entry codes.
#2 Use Photo ID
Another one to stop the external bad actors, including employee photos on ID cards is a great added layer of physical security for your business’s access cards. You’re now able to challenge potential ‘employees’ who have forgotten their cards, all with the power of visual identification.
This is especially important when it comes to social engineering techniques. Unauthorised individuals can attempt to gain access when knowing some personal details of the person they’re impersonating - such as department, job role or naming senior management. With photo ID, they’ll have a tougher time conning their way through.