Defending your information from physical attacks

example of physical security - guards

Risks to the vital information that you need to run your business, are not just mystery hackers in far-away places stealing your data remotely through a cyber-attack.

A physical attack on, or physical threat to your business, could be just as damaging. Whether due to natural disaster, intentional theft, or accidental loss or leakage of information.

Physical security protects your data from theft by stopping people from getting physical access to it, whether this is by:

  • Breaking into your building and stealing data—a server room is a likely target, as it may store high-value data that your attacker could sell.
  • By stealing a mobile device such as; a laptop, phone, or stealing (or cloning) an ID card or other token.
  • Or, by simply watching (or filming) as people use their devices, and either observing their log-in details or by reading the information on screen.

Physical security can also protect your data from natural disasters, such as fire or flood, or from other environmental risks.

8 tips for creating physical security defences

  1. Create physical perimeter defences and deterrents, such as; gates, fences, signage and visible locks. Remember to check for weak spots such as delivery and loading areas, back doors (which can sometimes be left open) and open windows.
  2. Establish and train your human defences against social engineering: security guards and receptionists. They should be able to control entry into your building, and alert you to unauthorised access.
  3. Put in place physical access controls (in addition to your human defences) to restrict entry to your workspace only to authorised people; and a way of controlling guest access too. No-one should be able to just stroll in.
  4. Observing natural hazards in your area: perhaps you work next to a river that is known to flood, or in an area that is at risk of sinkholes, landslides, or coastal erosion. You could then think about locating your equipment in a way to reduce the risks from these natural threats.
  5. If you need one, create and control a secure area with additional entry controls and limited access, to hold your server and comms kit. Only people who really need to be in there as part of their job should be able to get in.
  6. Protect your equipment from power failures, which could cause loss or damage to the data stored electronically—and make sure it is maintained. Don’t forget about other environmental hazards, such as heat, which can damage equipment and the data stored in it.
  7. Secure any cabling carrying data, to protect data from being intercepted or damaged.
  8. Create policies and procedures to help protect your company’s devices and information when unattended or when taken off-site—and provide training to reinforce the need for due care and attention.

For more tips and support to keep your business secure, sign up to our newsletter and contact the Click and Protect team on 0113 733 6230.