In our world of online information security, most of the time people are thinking about passwords and server protection. While these are obviously very important things to be thinking about, one huge part of security is being overlooked; physical security.
Small businesses are really not thinking about physical security. Even when managers do think about physical security, they’re not entirely sure how to implement a strategy into their business. We are working in modern times where shared workspaces are a reality for many new businesses. Models like WeWork are changing the way people go to work every day.
So securing workstations and devices is becoming more and more difficult. But here are a few strategies that can be implemented today:
Define Physical Assets
Take an inventory list of the physical assets that need to be secured. Things like laptops, printers, servers, filing cabinets, etc. Any physical object that stores data critical to the business.
Once that list is complete, now it’s time to assess all of those assets. What is stored on/in those assets and any potential negative impact if they are compromised. Having that conversation with your security team will give you an idea of which assets need to be moved to the top of the priority list.
Remove and Consolidate
During the process of defining your physical assets, you may realize that there are things like five computers that nobody is using that are storing data or a server that isn’t being used anymore. Look for opportunities to consolidate, or remove, these items to simplify operations.
Looking back on the “risk assessment” step you will know which assets will hurt you the most if they are compromised. Implementing common physical security controls around these assets will strengthen your security posture. Things like door locks, lighting, security cameras, safes, and secure storage cabinets. Also, make sure that you are not leaving devices with sensitive data out in the open when you are traveling.