Posted on May 7, 2019 by Louise Howland
In Episode 8 of Cyber Chat, Rob May looks at the importance of physical security, and gives advice on how to protect the data that isn’t stored in your computers.
Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern – whatever the shape or size of your organisation. Cybersecurity breaches are the number one threat in today’s business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is vital as a line of defence for any organisation, and in this video Rob, author of The Human Firewall (available on Amazon), explains what the Human Firewall is.
Hi, I’m Rob May, I’m MD of ramsac and welcome to Cyber Chat. I want to talk to you today about physical security. So, cyber isn’t just about people attacking your computers. If you think about GDPR, there’s a huge part of GDPR which is cyber related. It’s around data, and data isn’t just what’s in a computer, data is what you’ve got stored on paper, it’s what you’ve got stuck in filing cabinets and so on. And GDPR mandated a clear desk policy.
So, first question is: have you got a clear desk policy? If you’ve got people wandering around your office, what data have they got access to? What data can your cleaners see when they’re walking around the office at night when you’re not there? When we come in and we do security audits, we’re looking for things like what’s left on flip charts or writable walls. And I often think, you know, when you buy a piece of office furniture that’s lockable, so, whether that’s a filing cabinet or a pedestal that goes under your desk, they always come with 2 keys on a little key ring. And it’s amazing how often, when we’re doing a security audit, you walk into a filing room and there’ll be rows of filing cabinets, and in every filing cabinet there will be 2 keys on a key ring.
So think about your physical data, think about how easy it is to get access into the building. You know, there’s a tailgating problem where, at busy times of the day, somebody will be loitering outside the office so that they can just follow somebody in who’s opened the door. You’ve got to be thinking about that. How many times, if someone walks into your reception, are they challenged? And I know in some of my clients, every single time. There’s no way you could get through reception without signing in. But equally, I’ve got plenty of clients where I know I can just walk through the front door and walk right up the stairs. And this is a problem and people need to be aware of it.
So think about your physical security, make sure that you’ve introduced your clear desk policy. If people have got laptops, make sure that those laptops are taken home, or they’re locked in a drawer, but not left on desktops, and stay safe. I hope this has been useful and I look forward to speaking to you soon. Thank you.