For full-scale security, solutions have to go beyond the cyber world.| October 22, 2019
Cybersecurity is a heavy focus in and of the IT world, as it should be. Cyberattacks are ever-increasing and can cost companies millions to recover. However, an often-overlooked component of comprehensive, full-scale organizational IT security solutions is the proactive and ongoing protection and prevention against threats that exist outside of the cyber world. It makes sense if you think about it: Most of us work in physical spaces with real, tangible components, such as computers, servers, and other hardware. Even if employees are working remotely or offsite, company servers are still typically housed in a physical and accessible location.
While most people and businesses are preoccupied with cyber threats, attacks, or otherwise being compromised online, on-premises servers and systems, who has access to them, or how someone could gain access all become secondary concerns—or sometimes aren’t thought of at all.
Physical IT security is different from the physical safety of your company premises, where you might hire security officers or guards tasked with keeping your building, facility, and people safe from real-world dangers or intruders. It is similar in theory, though, with the goal being to prevent and protect your assets against malicious individuals who want to cause damage or harm, or could or would otherwise compromise your servers or network facilities.
It may seem unbelievable, but people are looking to steal or compromise your assets and data, however, wherever, and whenever they can and for a multitude of reasons. Maybe they want access to your proprietary company information, or perhaps they want to cause havoc and harm for personal gain.
Data theft or compromising physical networks or hardware can happen in a variety of ways that vary from slow and sneaky to outright theft. It can be as simple as a person walking into your building and walking off with your external backup or hard drive or someone internally installing a USB drive in a hidden port with malware loaded on it–almost like credit card skimming at a gas station pump. Open network ports in offices or conference rooms are prime spots; they can be compromised by a device intended to capture data on your network, which can then be sent off to the world. Additionally, a person with malicious intent might install software that is intended to steal your data over a long period. At any time, your system could be used against you, or to attack others.
Physical IT security isn’t always just about protecting you from the bad guys. It’s also about protecting your company data and equipment from natural disasters as well–fires, floods, earthquakes, and any other natural happening that could cause catastrophic damage to your systems and servers.
All of these reasons (and more!) are why it’s so crucial to protect your online and physical systems comprehensively. So how can you start protecting yourself? An internal assessment is critical to ensuring that your systems and facility are adequality protected, secured, and backed up. You need to know exactly where and how you are most vulnerable before you can take the best course of action. At Concensus, we provide a top to bottom security review that includes every component of your cyber and physical security, from bottom to top, and back again. Click here to learn more about scheduling a security review.
Here are a few additional ways to start internally assessing your physical IT security and taking action.
External Security Measures
- Lock your systems in a room with limited or restricted access. Implement and enforce a policy, which could be a simple as a sign-in/sign-out sheet, that allows you to track and audit who is accessing the room, and when.
- Monitor the area with a security camera. Concensus sells Meraki video and networking devices, and we would be happy to recommend additional options that are appropriate for your company size and needs. A security camera system can work in tandem with your sign-in/sign-out sheet to ensure individuals are not deliberately omitting information about visits.
- Implement and enforce the use of remote access cards, such as iDrac/Dell or ILO/HP, so that you can track and monitor who is accessing, what they are accessing, when, and for how long.
- Use a locked rack for your servers, and do not leave it on the table or a bakers rack. Also, lockdown server and desktop USB ports with physical locks and security software for additional protection and security.
Natural Disaster Prevention
- Make sure the room you are housing your systems in has adequate power and cooling. Consider a dedicated generator in case this specific room or your entire building loses power.
- Do not place servers directly underneath a sprinkler.
- Keep all of your equipment elevated; do not place any equipment directly on the floor.
Additional Security Measures
- Enforce password protection on all system bios.
- Keep a local backup for quickly restoring files, but also keep an offsite copy.
Understanding cyber and physical security and implementing the appropriate measures can feel overwhelming to address on your own. We can help you make sure it’s under control. Comprehensive IT security is what we do, day-in, and day-out. Let’s talk about how we can make your systems safer and more secure, so you can focus on doing what you do best-running your business.
Please contact our team at 724-898-1888, or schedule your assessment at https://www.concensus.com/healthcheck.