Physical security, as part of information technology, is often thought of as locked doors, identification clearance, and a desk with a security guard, but it is much more. While physical security’s main focus is the protection of hardware, networks, and data from physical damage or loss, it also requires personal attention to maintain the safeguards in place. While physical security gets a great deal of attention at the enterprise level, at the personal level it is often taken for granted or overlooked entirely.
Attend to Your Devices
Leaving devices unattended is a common practice that leads to the loss of hardware and sensitive data. Laptops and mobile devices that are left unattended are stolen every day, and the loss of hardware is just part of the story. If a device is not properly password protected, both personal and professional data may be at risk. Saved passwords to commerce web sites, such as credit card and financial institutions, may be compromised. This misplaced trust can lead to unfortunate and possibly alarming scenarios.
Use Lock Screens, Logout, or Shut Down
A locked door may not provide sufficient security. Desktop computers in a secured office are still at risk; not locking a computer when leaving it unattended can lead to a serious compromise. A recent example from an office on campus involved an unlocked computer in a locked office. Over the weekend, an individual with after hours access to the office used the computer and unknowingly infected it with malware. The system was used, almost immediately, by unknown third parties for illicit activities.
Protect Your Backup Devices
Removable hard drives and thumb drives are examples of items that are often overlooked as devices that need to be secured. Their small size makes them easy to steal, but the risk of the loss of confidential data is still substantial. These devices need to be stored in locked file cabinets or desk drawers when not in use. Using encryption technology to prevent the data from being accessed by a third party can mitigate these types of loss.
Don’t take physical security for granted — it only takes one incident to ruin your day. Taking the steps of password protecting and encrypting a device can limit loss of hardware, which can easily be replaced. The consequences of losing data can be a drastic set back for an individual, their employer, and their associates.
To learn more about securing your physical environment, sign up for online security awareness training at https://ts-dev.tulane.edu/content/security-awareness-training
Author: Chris Wood is TUPD Senior Support Analyst with Tulane's Information Security Office.
Follow us on Twitter @TulaneInfoSec and on Facebook at https://www.facebook.com/TulaneTechnology