An interesting shift has taken place in businesses—if you mention the word security, most people will assume you are talking about the protection of online, digital and technology resources within the company—logical security. Just 15 years ago, however, if you mentioned security, they would likely think of badge cards, building alarm systems and locks on doors. Our security focuses have changed over time, just as the threat landscape has changed, and we continue to focus our efforts on what has the most value to our business and the most potential to be attacked.
Putting physical security on the back burner
For many businesses, physical security is no longer the top concern. For example, the CISSP certifications have historically included physical/environmental security as one of the nine domains of competency for the exams. As of 2015, it was combined with another domain that includes other topics, evidence of its diminishing importance in the minds of many security experts. The truth is that physical security is still of vital importance to information security, and it is dangerous to overlook.
While it is easy to breach a company network in order to steal critical data, physical theft of actual information held within the company can also take place. Another concern related to physical security is the insider threat — an employee or contractor helping themselves to your information for financial gain. According to CSO magazine and the U.S. Secret Service, “Only 49% of companies have a plan to address and respond to insider security threats — even though 32% of the same companies agree that crimes perpetrated by insiders are more costly and damaging than those committed by outsiders.”
Most importantly, physical security should be important to your organization because ultimately, it is an effort to protect your most important assets: your people.
4 areas to focus on for physical security
Keep these often overlooked areas in mind when planning and implementing your physical security strategy:
- The lobby – A company lobby should be protected and secure, preventing random individuals from entering into the rest of the facility undetected.
- The data center – A data center of any size needs to be securely locked with access restricted to those with a need to be there.
- Doorways – Individuals without permission or access should not be able to easily enter doorways to a building. Keep any building doors that are not the main entrance locked and give employees access cards.
- Surveillance cameras – Cameras are very inexpensive today, and not only can they detect possible threats in progress, but they also allow review of incidents.
It is important to pay attention to the logical threats to your company, but overlooking physical security can lead to major damage. Take the time to have a serious discussion about the physical safety and security of your organization.