The Importance of Physical Security

By Hayden Duplantier, Associate Information Security Analyst, TraceSecurity

As technology continues to advance, we are more diligent about how our internet presence can pose security risks. There are training courses on phishing, malware, and data theft, but physical security is just as important. You can have all the best online security practices in the world, but without physical security, a bad actor can walk through the door and access your data.

Physical security is the protection of people, property, data, and assets from physical actions that can cause damage or loss to the organization. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism, and terrorism. Some organizations have policies to increase their security posture and insurance to minimize damage. Having physical security ensures the safety and protection of employees, alongside the protection of data.

Types of Physical Security Risks

• Human Oversight: Employees forgetting to lock doors or keeping their passwords on their desks is probably the most common physical security risk. It isn’t uncommon for employees to forget to sign out of their company device or hold the door open for a stranger. Anyone can pretend to work for a company, so employees should not believe everyone who walks through their doors.
• Equipment Failures: Even though machines aren’t as easy to exploit, they can malfunction if not checked routinely. Sensors and security locks can fail, leading to a vulnerability that can be exploited. Equipment isn't always working 100%, so it’s good to keep tabs on equipment and whether it needs to be updated or replaced.
• Natural Disasters and Disasters Caused by Humans: Floods, earthquakes, hurricanes, and fires can affect the operations of equipment. This can compromise physical security. Companies can take steps to protect employees and prevent further damage to equipment and infrastructure. Taking the necessary steps to protect equipment makes it easier to return to normal function after a disaster.

Solutions to Physical Security Risks

• Security Testing: Regular security testing is increasingly important. These tests should be conducted regularly, so participants know exactly what to do in an emergency. Physical security deterrent equipment, such as sensors, door locks, security cameras, badges, and scanning systems, should also be regularly tested.
• Updated Security Plan: Making sure the company’s security plan is up-to-date is crucial. Just like with passwords, you should update your security plan. Technology and threats are always evolving, and using an outdated plan can lead to confusion or prevent the proper steps from being taken.
• Training Employees: Employees are the last line of defense when it comes to any security threat. Having mandatory cyber risk training can help prevent employees from being exploited. This reduces the likelihood of human error and provides procedures to take when there is a vulnerability.

Security isn’t just about digital or data security. It’s everything that a bad actor can exploit and take advantage of. It’s our job as security experts to make sure that any and all assets are secure. Leaving computers unlocked or passwords on a sticky note are vulnerabilities that can be easily exploited by anyone who walks through your doors.

Everyone is responsible for the security of a company, from the general population of a company to the chief executives. Having mandatory training and protocols put in place is the first step to protecting your company’s assets. Be vigilant, be suspicious, and ask questions!

Connect with TraceSecurity to learn more.