Introduction to Physical Security
These days, tips on how to strengthen your cyber security follow the announcement of every another cyber attack. Don’t forget to backup your data, apply patches over vulnerabilities, monitor firewalls, etc. It is very important to remember that software is not your only weapon when it comes to cyber security. Physical Cyber Security is another tier in your line of defense.
According to Goldstein(2016), Physical Security is critical, especially for small business that does not have many resources to devote to security personnel and tools as opposed to larger firms. When it comes to Physical Security, the same principles apply here:
- Identify and classify your assets and resources.
- Identify plausible threats.
- Identify probable vulnerabilities that threats may exploit.
- Identify the expected cost in case if an attack occurs.
Factors on which Physical Security Depends
- How many workplaces, buildings or sites are there in an organization?
- Size of the building of the organization?
- How many employees are employed in the organization?
- How many entry and exit points are there in the organization?
- Points of placement of data centers and other confidential information.
Layers of Physical Security
Layers in Physical Security are implemented at the perimeter and are moving towards an asset. The layers are as follows:
The goal of Deterrence methods is to convince a potential attacker that a successful attack is not possible due to strong defenses. For example: By placing your keys inside a highly secure key control system made up of heavy metal like steel, you can help prevent attackers from gaining access to assets. Deterrence methods are classified into 4 categories:
- Physical Barriers: These include fences, walls, vehicle barriers, etc. They also act as a Psychological deterrent by defining the perimeter of the facility and making intrusion seem more difficult.
- Combination Barriers: These are designed to defeat defined threats. This is a part of building codes as well as fire codes.
- Natural Surveillance: In this architects seek to build places that are more open and visible to authorized users and security personnel so that attackers are unable to perform the unauthorized activity without being seen. For example- decreasing the amount of dense and tall vegetation.
- Security Lighting: Doors, gates or other means of the entrance should be well lit as Intruders are less likely to enter well-lit areas. Keep mind to place lighting in a manner, that is difficult to tamper.
If you are using the manual key control system, you have no way of knowing the exact timestamp of when an unauthorized user requested a key or has exceeded its time limit. Detection methods can of the following types:
- Alarm Systems and Sensors: Alarm systems can be installed to alert security personnel in case of an attempt of unauthorized access. They consist of sensors like perimeter sensors, motion sensors, etc.
- Video Surveillance: Surveillance cameras can be used for detection if an attack has already occurred and a camera is placed at the point of attack. Recorded video can be used
3. Access Control
These methods are used to monitor and control the traffic through specific access points. Access Control includes the following methods:
- Mechanical Access Control Systems: These includes gates, doors, locks, etc.
- Electronic Access Control: These are used to monitor and control larger populations, controlling for user life cycles, dates and individual access points.
- Identification System and access policies: These includes the use of policies, procedures and processes to manage the access into the restricted area.
4. Security Personnel
They play a central role in all layers of security. They perform many functions like:
- Administering electronic access control.
- Responding to alarms.
- Monitoring and analyzing video footage and many more
Countermeasures and Protection Techniques
1. Protection against Dumpster Diving
Dumpster Diving is the process of finding some useful information about the person or business from the trash that can later be used for hacking purpose. Since the information is in the trash, it is not useful for the owner but deemed useful to the picker. To protect against it, you need to follow certain measures:
- Ensure all important documents are shredded and they are still secure.
- Destroy any CDs/ DVDs containing personal data.
- Make sure that nobody can walk into your building and simply steal your garbage and should have safe disposal policy.
- Firewalls can be used to prevent suspicious users from accessing the discarded data.
2. Employee Awareness Training
A negligent employee can be one of the major causes of a Cyber security breach. Employee awareness training sessions can help in such cases. Employee awareness training should focus on one underlying theme- avoid the SEP- Somebody else’s problem field.
3. Site Access Control
Lack of Access Control can be highly devastating if a wrong person gets in and gets access to sensitive information. Fortunately nowadays, you have a number of modern tools that will help you to optimize your access control.
- Envoy is a tool that will help you to expand access to guests in controlled manner.
- Open Path is a mobile system that allows access to only a limited set of people within the directory using smartphones and other devices.
4. Securing Your Windows
If you have the data that hackers would love to get their hands on, they will try any method and might just look through the window. Make sure you are aware of the sight angles to position your screens and other devices. Overlooking from different sight angles to see your credentials is known as Shoulder Surfing.
5. Secure Network-Enabled Printers
Network Printers are a very convenient option allowing anyone in the office to get connected, without a need of extra wiring. Unfortunately, they have underlying security risks also. Sometimes, due to default settings, they offer open WiFi access, thus allowing anyone to get in and open vulnerabilities in the process.
- Only connect those to the Internet that actually needs to be.
- Remote access is not necessary for scenarios where only people from your office use the printer.
- You can add passwords to the connection if necessary.
6. Securing Your Backups
Physical backups are critical for business continuity, helping you prevent data loss in the event of disasters, outages, and more. Most businesses secure their servers but they forget that backups are equally important. They are holding the same level of sensitive data as servers. Treat your backups as you treat your sensitive information and secure them.
7. Building Secure Guest Wifi
Guest WiFi is a natural solution when you have guests or visitors. Here are a few tricks to help protect your resources from the external users:
- Segment your network- In this way, it isolates Guest WiFi from your internal devices and data.
- Encrypt your wireless signals and change the default passwords of all devices on the network.
8. Locking up your Servers
Any area in your organization that stores data need to be secured. Locking doors and making sure server area gets extra protection.
9. Accounting for Loss or Stolen Devices
As devices are becoming more mobile, chances for them being stolen or falling out of someone’s pocket becomes more frequent. Mobile Device Management can help you to manage such situations and take the necessary precautions. The best solution in such cases is to simply lock down and potentially wipe any lost or stolen devices from the organization remotely.
10. Implementing video systems
To achieve a more secure premises, it is advisable to use a Video Surveillance system.
- Mere presence of cameras can deter potential attackers.
- Availability of video footage allows you to have continuous monitoring over the entire premises.
- If an attack happens, you can check the recorded video, easily reconcile the process and catch the perpetrator.