From firewalls to four wall: Keeping company data out of the wrong hands
Outwitting hackers with sophisticated software makes for the stuff of spy novels. But in the real world, simple physical security measures also have a huge role to play to keep critical data in the right hands.
That’s not to dismiss the need for some technical wizardry in the digital age. Cyber-attacks have increased in both frequency and intensity in recent years, with the average cost of a data breach up 23 percent since 2013.
Experts say, however, that many of these breaches could be prevented, with good old fashioned physical security. After all, an unauthorized visitor, a contractor or less-than-loyal employee is much better positioned to steal sensitive information than a high-tech hacker a thousand miles away. And a lot simpler to stop.
“With the focus on anti-virus software, access controls and other forms of automated information security protection, it’s tempting to be lax about physical measures,” says Bill Todd, Senior Facility Manager, JLL. “Yet, a few smart moves can go a long way toward fending off harm to an organization. It’s important to fight cybercrime both in the virtual world—and in the actual facilities where the information is stored or accessed.”
Buildings designed to be secure
One strategy is to design the workplace with security in mind. Separating the reception or elevator lobby from workspace, for example, limits access to areas containing sensitive data.
“For multi-floor corporate tenants in large office buildings, keeping a locked door between the elevator lobby and the workplace has become a standard practice,” says Todd. “Where possible, it’s also smart to keep high-visitation areas, such as conference rooms, on a separate floor from access points to highly sensitive data.”
Data centers and telecom closets should also be subject to video security; highly sophisticated cameras are more affordable than in the past, and can serve two valuable functions. First, their very presence will deter would-be wrongdoers who prefer an easier target. Second, cameras allow for a forensic review if incidents do occur and make it easier to catch the culprit.
Controlling access to restricted areas is a must. State-of-the-art security measures such as smart cards, tokens, or biometric scans which record the identity of each person who enters not only keep outsiders outside, but also prevent access by employees who have no business being in areas containing sensitive data. For extra security, encrypted security badges are preferable to simpler electronic badges that can be stolen during an elevator ride or standing in line for coffee.
Managing facilities to maximize security
Even sophisticated safeguards to keep intruders out are not the be-all and end-all of the physical protection of an organization’s sensitive data. That’s mainly because such systems often can’t keep a determined insider from stealing a hard drive or a password written on a sticky note attached to a computer.
“Given the number of passwords we all use each day, it’s no wonder that it is a common practice for employees to keep them visible and near the equipment they use,” says Todd. “Facility managers can help enforce a clean-desk policy that not only keeps passwords secure, but also helps prevent theft of sensitive printed information left out in the open.”
Todd suggests that even the most sophisticated organizations may overlook these simple, low-cost measures — that facility managers are uniquely positioned to make happen:
- Don’t leave computers unattended in unsecured areas
An unauthorized intruder can use any computer connected to a network to access information. Vulnerable computers include workstations in the reception area, at unoccupied desks or in empty offices. Equip computers that must remain in the open with technology like smart cards or biometric readers to limit access.
- Disconnect or remove computers that aren’t being used
Even in secured areas, an unused computer can present a risk. When an employee is out on vacation or out sick, their desktop computer should be secured. If the computer is in an office, lock the door.
- Use case locks to prevent hard drive theft
Some of the most highly publicized data breaches have resulted from hard drive theft or theft of an entire computer. A related step: disable USB drives and optical drives to prevent unauthorized downloads.
- Keep printer areas clean
Many offices have a shared printing and copy room, where busy employees may inadvertently expose sensitive information in unneeded print-outs. Again, facility managers can reduce risk by enforcing proper disposal of documents.
The sharpest criminals have an eye for physical weaknesses in a workplace. Building in security measures and controlling employee habits around data security can help an organization stay in control of who sees sensitive