Security Signal

October 9, 2019

Cybersecurity starts with physical security

by Monserrat Toledo

Long ago, epic thefts started with big, elaborate plans aimed at gaining access to the vault. Nowadays, you just need a little bit of data to cause the same amount of damage. That's why you need to protect the sensitive data your company keeps: if it is exposed, it can cause serious damage.

Your data may be exposed in multiple ways:

An employee accidentally leaves a flash drive on a cafeteria table. Hours later he returns to get it, but the drive, holding hundreds of pieces of important personal information, is gone.

A worker throws a bunch of old company bank records into the trash, where a criminal can find them after office hours.

A thief steals files and computers from your office after entering through an unlocked window.

Every single one of these situations can put your company in danger. That's why we leave you this post with some tips that can help you reduce your risk of an information leak.

How to protect equipment and paper files

1. Store securely

When paper files or electronic devices contain sensitive information, store them in a locked cabinet or room.

2. Limit physical access

When records or devices contain sensitive data, allow access only to those who truly need it.

3. Send reminders

Remind staff members to put paper files in locked file cabinets, log out of their network and applications, and never leave files or devices with sensitive information unattended.

4. Keep stock

Keep track of and secure any gadget that collects sensitive client information. Only keep the files and data that you really need, and keep control of who has access to them.

How to protect data on your devices

A break-in, a lost laptop, a stolen smartphone or a misplaced flash drive can all happen because of a physical security breach. But it is less likely to end in a data breach if the information on those devices is protected. Here are a few ways to do that:

1. Demand complex passwords

Demand passwords that are long, complex, and unique. Make sure these passwords are stored securely too. Consider using a password manager.

2. Use multi-factor authentication

Require multi-factor authentication to access areas of your network that contain sensitive information. This requires additional steps beyond logging in with a password, such as a temporary code on a smartphone or a key that's inserted into a computer.

3. Limit login attempts

Limit the number of incorrect login attempts allowed to unlock certain devices. This will help to protect you against intruders.

4. Encrypt

Encrypt portable media and everything else that contains sensitive data, such as computers and thumb drives. Also encrypt any sensitive data that you send outside of your company, for example to an accountant or a shipping service.

A Small Business Guide to Computer Encryption

How to Encrypt All Your Online and Offline Data

Train your staff

Incorporate physical security into your regular employee training and communications program. Remind employees to:

1. Shred documents

Always shred documents that contain sensitive information before you throw them away.

2. Erase data the right way

Use software to erase data before donating or getting rid of old computers, mobile devices, digital copiers, and drives. Don’t ever rely on just “delete”. The reality is that it doesn’t actually remove the file from your computer.

If you need a guide on how to do it, here is a link for you.

3. Encourage security practices in all locations

Keep up security practices even when you are working remotely from home or on a business trip.

4. Know the response plan

Every single member of your staff should know what to do if equipment or files get lost or stolen, including whom they have to notify and what to do next.

If you still don't have one but want to start building it, check this link so you can prepare one.

Even though this post is about something that may seem old-fashioned, it's an important aspect that shouldn't be put to the side. If this subject is already taken care of in your company, we invite you to keep reading the posts that we will be publishing during cybersecurity month.