Cybersecurity begins with physical security

Home » Blog » Cybersecurity begins with physical security

Physical Security

Information Courtesy of Federal Trade Commission

Cybersecurity begins with strong physical security.

Lapses in physical security can expose sensitive company data to identity theft, with potentially serious consequences.

 

For Example:

An employee accidentally leaves a flash drive on a coffeehouse table. When he returns hours later to get it, the drive — with hundreds of Social Security numbers saved on it — is gone.

Another employee throws stacks of old company bank records into a trash can, where a criminal finds them after business hours.

A burglar steals files and computers from your office after entering through an unlocked window.

How to Protect Equipment & Paper Files:

Store Securely

When paper files or electronic devices contain sensitive information, store them in a locked cabinet or room.

Limit Physical Access

When records or devices contain sensitive data, allow access only to those who need it.

Send Reminders

Remind employees to put paper files in locked file cabinets, log out of your network and applications, and never leave files or devices with sensitive data unattended.

Keep Stock

Keep track and secure any devices that collect sensitive customer information. Only keep files and data you need and know who has access to them.

How to Protect Data on Your Devices:

Require Complex Passwords

Require passwords that are long, complex and unique. And make sure that these passwords are stored securely. Consider using a password manager.

Use Multi-factor Authentication

This requires additional steps beyond logging in with a password – like a temporary code on a smartphone or a key that’s inserted into a computer.

Limit Login Attempts

Limit the number of incorrect login attempts allowed to unlock devices. This will help protect against intruders.

Encrypt

Encrypt any sensitive data you send outside the company, like to an accountant or shipping service.

Train Your Employees

Shred Documents

Always shred documents with sensitive information before throwing them away.

Promote Security Practices in All Locations

Maintain security practices even if working remotely from home or on business travel.

Erase Data Correctly

Use software to erase data before donating or discarding old computer, mobile devices, digital copiers and drives. Don’t rely on “delete” alone. That doesn’t actually remove the file from the computer.

Know the Response Plan

All staff should know what to do if equipment or paper files are lost or stolen, including whom to notify and what to do next.

Aspects of implementing your physical security policies requires working with a technology service partner. In addition to coming alongside your business to provide on-going support and monitoring, your technology partner will assist with erasing data correctly, multi-factor authentication, limiting login attempts and encrypting data.

Helping Your Business Grow

Source: https://www.ftc.gov/system/files/attachments/physical-security/cybersecurity_sb_physical_security.pdf

Subscribe To Our Newsletter

Newsletter Signup