When security within an organization comes up, cybersecurity is often at the top of the list. But physical security is equally important, from the personnel guarding the company premises to the cameras recording every minute of the day.
It must be noted that physical security does not only mean protection from criminals intent on getting hold of the company’s hardware, especially hardware that is expensive and valuable enough to be sold for a profit. It also pertains to protection from spies who threaten to disclose private information to competitors or other third parties for unlawful purposes. Then there are hazards such as fires, floods, or earthquakes which, overlooked as they are, are also considered threats to physical security.
But where should one start in improving physical security? Here are some important tips where security personnel can start:
Establish physical security perimeters
Improving physical security starts with measures as simple as setting up walls and doors and having windows covered with blinds to, at the very least, control the flow of people coming to and from areas where critical equipment, software, or information is located. In addition, it is crucial that windows and doors are locked when there is no one in the areas where important items are stored.
Ensure physical entry controls are in place
Ensuring control of entry and exit goes beyond the usual lock and key security these days. Having advanced entry control mechanisms such as keypads and locks unlocked by specially keyed access cards ensures that only authorized personnel can enter specific areas within the business premises. On top of this, access logs should be reviewed on a regular basis, at least quarterly. That is apart from more urgent reviews that need to be conducted whenever a breach has been identified.
Implement external and environmental threat protection
Smoke- or heat-activated fire detectors and alarms, and appropriate fire suppression systems, such as sprinklers, should be installed throughout the premises, especially within secure areas containing information systems. Water or moisture detection devices should be placed in dropped ceilings and within raised floors to detect water leaks or possible flooding. Information systems should be protected from damage resulting from water leaks by ensuring that master shutoff valves are installed, accessible, and working properly.
Provide safe equipment placement and protection
Information systems and devices should be located in secure areas and be well protected from environmental threats, hazards, and unauthorized access. Adding new infrastructure devices, servers, or other systems and tools can impact the performance capabilities of supporting utilities. Enterprise security professionals should perform an assessment before installation to ensure the supporting tools and utilities can support the new infrastructure or other hardware devices. Physical access to wireless access points, gateways, network hardware, communications hardware, and telecommunication lines should be restricted.
Manage supporting utilities
Supporting utilities such as electricity, natural gas, water supplies, sewage, and heating, ventilation, and air conditioning (HVAC) should support all systems and personnel. In addition, having an uninterruptible power supply (UPS) is a must to facilitate an orderly shutdown of equipment and avoid damage in case of a power interruption. Emergency lighting should also be installed and regularly tested to ensure it is operating correctly in case of a power failure. Emergency power-off switches should be located near emergency exits to facilitate a rapid power down in case of an emergency.
Provide security for power and telecommunications cabling
Power and telecom cables should be protected from interception, interference, or damage. Enterprise security teams should mark cables appropriately to avoid accidental unplugging or incorrect connections. Access to information system distribution and transmission lines should be controlled.
Secure information assets while off-premises
Crucial hardware, software, documents, or other information assets must remain within the premises unless authorization has been given to move them outside. In the case of computers, full disk encryption should be enabled. Information assets remain the property of an organization even when they are off-premises. Personnel should be strongly reminded that family members or friends should not use these assets, to avoid damage or data leaks. All personnel handling such assets should be subject to accountability.
Protect physical media in transit
Media containing information needs to be protected against unauthorized access, misuse, and corruption when being transported, especially outside company premises. A complete inventory of all physical media that is transferred outside the company should be maintained and encrypted. If the organization has tapped the services of an offsite archivist or long-term storage provider, it should require the provider to submit an inventory of organizational media regularly. The security controls in place at the provider’s facility should be tested at least annually.
Lastly, security leaders should ensure that a comprehensive physical security program is developed and implemented consistently across the organization. Such a program helps create more effective overall security.