This is the fifth and final post in a blog series in honor of National Cybersecurity Awareness Month.
Cybersecurity might seem like technical stuff, but don’t overlook the role of physical vulnerabilities in security incidents. The 2018 Verizon Data Breach Investigations Report found that 11% of breaches involved physical actions. The 2016 Verizon Data Breach Investigations Report identified physical theft or loss as the third most common type of security incident.
Even more disturbing is a 2016 study that found that most people have no qualms about connecting unknown devices – which could contain malicious software – to their computers. The researchers dropped unidentified USB drives around the campus of the University of Illinois. Approximately 98% of the drives were removed from their drop-off location; 45% of those who took a USB drive opened at least one file on it. All it takes is one curious but unwitting employee to introduce a vector into your IT system!
Physical security should be part of any cybersecurity program. Here are some physical safeguards to consider adopting:
- Secure your servers and other storage devices – Any area that houses data storage media needs to be secured. That means locking doors or installing other access control devices like biometric scanners.
- Surveillance cameras – Install closed-circuit surveillance cameras in areas where critical IT infrastructure or data are located. If a physical breach ever occurs in the area, the camera recordings can help you identify the perpetrators.
- Mind the trash – Paper records containing sensitive information should be disposed of properly, such as by shredding. Be careful not to leave material for shredding out in the open, where passerbys could see or even steal them.
- Prohibit unapproved devices – Adopt and enforce a policy against connecting unapproved devices to the organization’s hardware such as USB drives, external hard drives, smartphones, and tablets.
- Mitigate consequences of lost or stolen devices – Lost or stolen laptops and mobile devices are a common occurrence. Having a contingency plan against this security risk is a must. Installing mobile device management (MDM) software on devices that carry company data can help. MDM software can help you remotely locate, lock down, or even delete data from lost or stolen devices.
- Encrypt your data – This is a repeat of Tip #1, but its importance can’t be overemphasized. Encrypting data on a device makes it unintelligible to anyone without the encryption key even if they improperly gain control over the device.
And that rounds out our series of practical cybersecurity tips for small businesses. We hope you’ve picked up a few ideas to keep your data safe!