Ensuring Physical Security is an Essential Step in Safeguarding Your Sensitive Data
published on November 08, 2016 by Jon Ecker
Malicious individuals and dangerous mobile storage devices could be a threat to your data integrity
While you might think the biggest threat to your data’s integrity is a faraway hacker attempting to gain access to your company’s most secure information, many hazards to your information security could be a lot closer to home.
USB flash drives, SD cards, mobile hard drives, and other mobile storage devices are becoming more ubiquitous every year, and all it takes is one on-premises theft to breach your most valuable information. This means that it’s not just Internet security you need to worry about when looking to protect your data – it’s your company’s physical security as well.
Take a look at how to implement effective strategies to improve your physical data security while protecting your business from emerging mobile threats.
Internal vs. external threats and intentional vs. accidental security breaches
When attempting to secure your data from internal theft, you’ll need to protect yourself from a variety of risks. The first type of threat is malicious – for example, an employee or contractor who sneaks a mobile device, like USB flash drive or SD card, into your company’s offices with the intent to steal data or otherwise harm your firm.
Another potential threat to your company’s data security is accidental, such as the use of a mobile storage device with dangerous viruses or malware. As USB drives have grown less expensive, they’ve become increasingly popular as giveaways at conferences, meetings, and events, meaning that more and more unknown drives are circulating around homes, offices, and other locations your employees commonly visit.
With statistics showing that people will pick up nearly 50% of random, discarded USB drives, an employee looking to transfer data between company hardware could easily be using a compromised device. And after a dangerous device has been obtained by one of your workers, it only takes one mistake to create the potential for a big, accidental security breach.
In fact, the simple act of inserting a USB drive into a company computer could lead to viruses, spyware, or malware infecting it. At best, this might mean annoying advertising and slow computer speeds. At worst, it could mean that hackers can gain access to sensitive company information.
How to use physical security precautions to keep your data safe
No personal external hard drives
To reduce the possibility of both intentional and accidental security breaches resulting in the theft of company data, it’s important to take intelligent security measures. In order to ensure that no outside USB, SD, or other mobile storage devices are used, you’ll likely want to create a rule against them in your company’s offices. Instead, you might want to provide company USB drives or mobile hard drives – with express instructions that these devices only be used between secure company computers and to not be used with any personal or unauthorized devices.
Limit mobile usage
Mobile phones and tablets can also carry viruses, so it’s a good idea to instruct your employees to never plug unsecured personal devices into your company’s computers. Additionally, if you work with very high security data, you may even want to have employees leave their phones in their cars or in a secured area in your office before beginning work.
Physical access control and remote monitoring
To reduce the chance of a contractor or maintenance worker using a mobile device to steal data from your company, you’ll want to be very careful when allowing non-employees into your office. It’s not just maintenance workers you should worry about; computer technicians and IT professionals could also be a threat to your data security. Remember, all it takes is one USB drive, inserted into a company computer, and your sensitive data could be at risk.
Some of the on-premises security measures that will prevent unauthorized access include access control and remote monitoring. Just as you only provide network, data, or hardware permissions to certain users, extremely sensitive data can be physically cordoned off by limiting access – say, to a server room or non-networked series of computers – to only the personnel who need to interface with it.
Access control using electronic IDs or biometric scanning will efficiently limit visits to areas with highly-sensitive data, and remote monitoring can alert personnel to unauthorized visitors. And a truly comprehensive strategy may employ a physical security check for unauthorized hard drives when personnel enter or leave an area with non-networked hardware. There are also technological solutions that can prevent the use of file sharing or personal external drives.
At POM Technologies, we understand that new security threats – both physical and digital – are developing each day, and we have the experience to help you protect your organization. To learn more about how to use intelligent strategies and the latest technology to physically secure your company, its people, and its data from emerging threats, contact us today at 212.688.2767 or through our online form for a free consultation.