Physical security is an often overlooked aspect of IT security. Don’t let your company fail to enact the simplest security measures of all! According to the FFIEC IT Examination Handbook, physical security is an examined aspect of your network security posture. While performing an Atris Network Vulnerability Assessment, it’s not uncommon to find branch offices of financial institutions highly exposed to a security breach due to lackluster physical security. Here are some simple tips to consider regarding basic physical security control over your IT infrastructure.
Lock the doors! Don’t forget to keep all critical equipment behind locked doors. This includes servers, switches, routers, and wiring patch panels.
Lock your Windows! Make sure to employ a screen timeout and lock on all workstations in the building. The simplest way for a data leak to occur is somebody walking up to an unlocked display and memorizing a name and social security number sitting on the screen.
Lock your box! When a telco brings in a data circuit, they bring it into your building from a box somewhere outside of your building. If the box is on your property or nearby, make sure it’s locked. If it isn’t locked, contact the telco and ask them to lock it. Most companies will happily oblige, although some may refuse. In that case, just keep a record of their response. Your building probably has a master power pull switch. Lock it, too!
Harden your wiring! Don’t run network cabling exposed in any public space. If it’s inside a building, run it through the walls. If it’s outside a building, make sure it’s inside conduit. You don’t want a simple pair of scissors to incapacitate your entire branch!
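One way to check the "Lock your Windows" tip on a workstation, as an added example that is not part of the original article: a PowerShell script that reads the screen saver and machine inactivity settings from the registry and reports whether the session locks when idle. The 900-second limit is an assumed policy value, and the function names are illustrative.

```powershell
# Added example: report whether this workstation locks itself after idle time.
# Assumption: 900 s (15 min) is the longest acceptable idle period; use your own policy value.
$MaxIdleSeconds = 900

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ScreenSaverSetting {
    param([string]$Name)
    # A Group Policy value overrides what the user set in Control Panel.
    $value = Get-RegValue 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop' $Name
    if ($null -eq $value) { $value = Get-RegValue 'HKCU:\Control Panel\Desktop' $Name }
    $value
}

function Test-IdleLimit {
    param($Seconds)
    # Missing or 0 means "never"; anything above the limit is too long.
    if ($null -eq $Seconds) { return $false }
    $s = [int]$Seconds
    ($s -gt 0) -and ($s -le $MaxIdleSeconds)
}

$active  = Get-ScreenSaverSetting 'ScreenSaveActive'
$secure  = Get-ScreenSaverSetting 'ScreenSaverIsSecure'
$timeout = Get-ScreenSaverSetting 'ScreenSaveTimeOut'
# Machine-wide "Interactive logon: Machine inactivity limit" security option.
$machine = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'

# Either mechanism is enough: a password-protected screen saver or the machine inactivity limit.
$screenSaverLocks = ($active -eq '1') -and ($secure -eq '1') -and (Test-IdleLimit $timeout)
$machineLocks     = Test-IdleLimit $machine

[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    User                  = $env:USERNAME
    ScreenSaveActive      = $active
    ScreenSaverIsSecure   = $secure
    ScreenSaveTimeOut     = $timeout
    InactivityTimeoutSecs = $machine
    LocksWhenIdle         = $screenSaverLocks -or $machineLocks
}
```

Run it in the logged-on user's session, since the screen saver values are stored per user.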