The importance of physical security in protecting your cyber investments

Data breaches have made plenty of headlines the past few years and it's widely known that companies such as Target and Home Depot and government organizations such as the Office of Personnel Management have been hacked.

With these high-profile hacks of prominent companies and organizations comes plenty of information about cybersecurity. But what about physical security of a company's or organization's assets?

Physical security and segmentation in an office are just as critical to protecting a company's or organization's assets and future as cybersecurity. Too often businesses and organizations focus on cybersecurity and inadvertently become lax in the physical security of assets such as computers, laptops, servers and even printers, along with mobile devices that can contain proprietary information and customer data.

It's imperative for any organization to take physical security into account in its operations.

Physical security for servers

Let's start with the office in general. Employees who can enter any area they want are a liability. Physical security and segmentation are very important for restricting access to areas where employees don't need to be.

Take a server or server room, for example. Often a small business has a server, but it might be in an office, underneath a desk, or some other conspicuous and unsecured location. That server contains vital information for a business or organization and can easily be taken or accessed.

Do you leave your purse, wallet, laptop, mobile device and keys to your car, home and office in your unlocked car in the parking lot of where you work or in your driveway so anyone who happens by might be able to take what they want?

It's the same scenario for an unsecured server. We use electronic security in the facility where our servers are stored. We also have a surveillance system to see who has been in the room and when, and we store that data electronically for a period of time.

We recommend getting your server in a data center that has 24-hour security and mantraps and multi-level identification to thwart someone trying to break in and access it or take it.

The critical component of power

There's another benefit: a steady power supply. For businesses and organizations with servers in closets or under desks, what happens when the power goes out? If there's no backup power source and you go offline, you're done. That is a big deal, especially if the affected server is used to support online sales.

At our data center in northern Virginia, which is located in a geographically safe location, if the power goes out you wouldn't even know it thanks to 10 very powerful generators. If you're inside the facility, you don't know the power has gone out, so in a secure data center with steady power a business can continue selling online even in a storm.

You might think you are saving money by storing your business's or organization's server in an office closet or under a desk. The reality is that if power is affected then your business is detrimentally affected.

There's also the issue of bandwidth, which is also critical to operating a business. Most businesses have only one internet connection. We have 23. Even if half of them go down, nobody notices.

Securing vulnerable devices

When it comes to securing vulnerable devices such as laptops, computers, trade secrets and anything that someone can steal, it's vital to consider physical security. For example, my laptop has hard drive encryption, so if it does get stolen the data on it is protected.

Think about a construction business and all of its customer records and invoices stored on a computer. This likely includes personal information about customers, so whoever steals that computer has direct access to the company's information. You've got to make sure that the company computers and laptops are locked up.

At ZZ Servers headquarters, we have electronic door locks to control access to sensitive areas. It's an investment — we're talking about $1,200 per door for what we consider one of the more cost-effective solutions — but well worth it.

If you have sensitive data — and every business and organization does — you've got to know who's going through the door and stop the people who aren't supposed to be.

Securing computers

One last thing. Think about your computers. Businesses and organizations have alarm systems and things like that, but they don't have things as simple as secure computer logins. There's no security to get into their computers, even those that hold customer information.

We understand that small businesses may not have the capital resources to hire a security team or to have someone tell them how to secure their business. Small business owners are busy paying the bills, doing their job and may not be savvy when it comes to IT security.

But having computer logins with passwords that are changed every several months or so is a simple step to securing your business. What about at the end of the day? How secure are your laptops or mobile devices?

These are all things to consider as the owner of a small business or if you're operating an organization. Don't let physical security get lost in the shuffle of operating your business.

For an additional resource on physical security for your business or organization, here's a helpful article: http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/
