Physical security in the workplace is a dying artform. With our growing reliance on technology and the rise in remote working, we are leaning more on cyber security and neglecting the protection of tangible assets.
Although many workers still go into the office on a full- or part-time basis, our workforces are for the most part diffuse. Instead of individual desks in a single space, the office is now spread across the country and linked by home offices, Cloud services, videoconferencing software and instant message platforms.
These all present their own information security risks, but the physical threats haven’t disappeared either. In fact, remote working has created new problems that organisations must address.
In this blog, we look at seven ways you can avoid physical security threats in the workplace – whether that’s in a traditional office or a remote location.
1. Secure portable devices
Wherever you work, the chances are you use a portable device at least occasionally. That might be a laptop, a phone, a USB stick or something else.
These devices are crucial for anyone who is on the go, whether that’s because they commute into the office, travel as part of their job or want to stay on top of work outside of work hours.
But as is often the case, convenience comes at the expense of security. One such risk is the possibility of a crook peering at an employee’s screen while they’re working in a public place.
The threat can be mitigated by using privacy screen protectors. These are thin plastic sheets that you place over your laptop screen, which ensure that the information is only visible if you are close to the screen and looking directly at it.
Organisations should also ensure that laptops are password-protected, and that sensitive information stored on portable devices is encrypted. This protects the organisation in the event that an unauthorised individual accesses the device.
Meanwhile, organisations should create a policy instructing employees not to use public Wi-Fi when working; these networks are often targeted by scammers in an effort to compromise people’s connections.
2. Keep server rooms locked and under surveillance
Servers must be secured to prevent unauthorised actors from tampering with them. These actors might include malicious employees who wish to sabotage their organisation or negligent people who wander in and cause damage.
It can also include criminals who break into an organisation’s premises – perhaps using social engineering techniques – to compromise those servers.
To ensure this doesn’t happen, your servers should be kept in a secure location. Ideally they should have their own room that is locked shut. You should also consider implementing CCTV to catch anyone who tries to break in.
3. Dispose of physical records in an appropriate manner
There are countless reports every year of unsuspecting members of the public finding paperwork in bins, on the street or otherwise left unattended.
These are perhaps the most infuriating of all data breaches, because they are so easy to prevent. Organisations only need to ensure that physical records containing sensitive information are shredded before being thrown away.
Purchasing a shredder and adding a section to your information security policy outlining when it should be used can save your organisation the embarrassment and other implications of a data breach.
4. Introduce a clear-desk policy
Another way for organisations to prevent physical records from falling into the wrong hands is by implementing a clear-desk policy.
The policy instructs employees to ensure that sensitive information is not left unguarded on their desks.
Doing so reduces the risk of unauthorised individuals stealing or otherwise viewing confidential information. It also reduces the risk of someone throwing out the documents when cleaning the desk.
5. Implement an access control system
Access controls ensure that only authorised personnel can view sensitive information.
Access control is often considered in terms of digital security, with employees needing appropriate credentials to view certain folders and files.
However, the concept applies equally to physical locations where sensitive information is kept. Sensitive physical records should be kept in locked cupboards or rooms that only authorised personnel have keys for.
6. Store your backups in a well-protected location
Most organisations are aware of the importance of backups. They ensure that you have additional copies of sensitive files should you run into problems with your primary systems.
Unfortunately, backups are often considered only in terms of creating additional digital files stored elsewhere, such as on the Cloud.
However, the Cloud, like any other Internet-connected system, contains vulnerabilities and can be compromised. This means you might lose backups – or worse yet, a catastrophic failure, such as a ransomware attack, could wipe out everything.
This is why organisations must have offline backups that are isolated from their networks. Isolation protects the backups in the event of a range of problems, from ransomware attacks and corrupted files to damage to the servers on which the information is stored.
7. Provide physical security training for your employees
As with every form of information security, your employees are at the heart of your activities. They are the ones responsible for managing systems, complying with policies and using technologies responsibly, so they must understand what’s expected of them.
It’s why educating your staff on the importance of physical security is essential. You can get started with our Physical Security Staff Awareness E-learning Course, which contains everything you need to prevent data breaches.
This 45-minute course offers in-depth, engaging content and activities that promote lessons such as the ones outlined in this blog.
Employees will gain a better understanding of their responsibilities when handling sensitive data, and the steps they can take to prevent information security risks when working from the office, at home or on the go.
Those who purchase the course will also receive a free monthly security bulletin that looks at emerging security threats and provides our experts’ tips on how to stay safe.