Creating and maintaining a physical security policy for the devices on your network becomes more critical as your organization continues to grow.
Physical device security is often overlooked in small to medium sized businesses (SMBs) since many organizations are focused on product development, sales growth, etc. In-house IT processes can often fall off the radar during these phases of rapid growth.
In addition, it may not seem practical to implement device security policies because your business may operate within a small facility, possess a small staff, or the value of securing your assets may not justify the costs.
Every Organization Should Have a Physical Security Policy
There's a popular 3 letter term used in corporate America called "C-Y-A." This acronym is a humorous reminder that people should cover their rear ends in business deals, should the worst possible scenario present itself.
The best offense is a good defense. Businesses must implement proper physical security procedures to support their technology investments and to ensure the safety and security of the data being used within their line of business applications.
By crafting a physical security policy for the devices on your network, your organization can be confident that its processes are in line with popular industry compliance standards.
Physical Security Best Practices for SMBs
Because of this, we've created a quick list of policies and procedures that will help your enterprise get in line with popular physical security standards.
Perform an Audit of the State of Your Physical Security
How does your business currently track, deploy, and manage the physical security of your assets? How does your business track employees, vendors, and visitors when they arrive at your office? Every organization should have a detailed log of each of these activities, and the log should be able to be produced, upon demand.
Apps and services are available to help your organization keep tabs on each of these activities. Advanced 3rd party applications can even give your IT team the ability to setup alerts whenever policies are broken.
While some organizations may use low tech methods of tracking physical security, such as keeping Excel sheets, others may require more in depth analytics. Regardless of the route you take, here's a few tips on what your organization should track, monitor and audit on regular basis:
- Identification: Require that employees, vendors, and visitors have a badge that identifies who they are.
- Asset Tracking: When new IT assets are purchased, specifications such as serial number, make, and model should be recorded.
- Asset Deployment: IT staff should develop a system that allows to them to know who has an asset and where it is deployed.
- Physical Access: Non IT employees should never have access to a room that stores IT equipment.
- Consider Video Surveillance: If you have a server closet on premises, these assets should always have some sort of video surveillance facing the equipment as well as the outside walls of the room.
Physical Security Policies Regarding Offsite Use of Company Equipment
Many organizations deploy agents into the field with smartphones, tablets, and laptops. How can an IT staff ensure the security of these devices when they aren't being used within a traditional office setting?
Many solutions exist out-of-the-box while more advanced solutions may require 3rd party applications. Here is a basic overview of how to ensure the physical security of each of these devices.
Securing Smartphones, Tablets and Laptops
Smartphone security is pretty basic in the fact that most users will setup their own PIN to secure the device. After so many incorrect entries, the device can be configured to erase all of the data on the phone.
One popular solution that IT departments are using is called the Prey Project. If a laptop, tablet, or mobile device is stolen and the security PIN number has been breached, the Prey Project helps organizations recover their devices by installing a small, lightweight agent that allows organizations to track and monitor the whereabouts of their devices.
The Prey Project gives organizations the ability to remotely lock the screen, take a picture using the device's camera, or find the device on a map using a geolocation feature.
Other Physical Security Tactics
You should always use the baked-in data encryption features on the devices that you deploy.
For example, devices running Windows can utilize the BitLocker security feature to encrypt the hard drive of a laptop. Users would have to enter the BitLocker password to continue booting into the laptops operating system.
If your fleet of mobile devices consists mainly of laptops, consider buying a laptop lock for each of these devices. As employees move from location to location, they will be required to lock the laptop onto the desk in which they are using. This ensures that the device won't be stolen if the employee happens to turn their back or walk away from the desk.
Tying it All Together
Murphy's Law says, "Anything that can go wrong, will go wrong." When you evaluate the physical security surrounding your IT assets, use Murphy's Law as a mindset to consider all of the different things that can happen if the proper policies, products, and procedures aren't followed within your organization.
Depending upon your organization, a physical security breach could cost your business significantly more than just the value of the assets that you've lost. A physical security breach could harm your organization's reputation, causing potential clients to shy away from using your services.
Begin training your employees on basic physical security practices so that they can become aware of the impact of a physical security breach. Always entertain employee feedback on these policies, as your IT department will be tasked with finding a comfortable medium between enforcing compliance standards and educating users on how to navigate the new policies.
If you have any worries about your network security, please call us at (864) 248-6316, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.
If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC area business succeed!