Questions? Contact Us

 

Latest News

Featured News & Events

The importance of physical security in protecting your cyber investments

Data breaches have made plenty of headlines the past few years and it's widely known that companies such as Target and Home Depot and government organizations such as the Office of Personnel Management have been hacked.

With these high-profile hacks of prominent companies and organizations comes plenty of information about cybersecurity. But what about physical security of a company's or organization's assets?

Physical security and segmentation in an office are just as critical to protecting a company's or organization's assets and future as cybersecurity. Too often businesses and organization focus on cybersecurity and inadvertently become lax in physical security of assets such as computers, laptops, servers and even printers, along with mobile devices that can contain proprietary information and customer data.

It's imperative for any organization to take physical security into account in the operations.

Physical security for servers

Let's start with the office in general. Employees who have access to any area they want to go are a liability. Physical security and segmentation are very important to restrict access to areas where employees don't need to be.

Take a server or server room, for example. Often a small business has a server, but it might be in an office, underneath a desk, or some other conspicuous and unsecured location. That server contains vital information for a business or organization and can easily be taken or accessed.

Do you leave your purse, wallet, laptop, mobile device and keys to your car, home and office in your unlocked car in the parking lot of where you work or in your driveway so anyone who happens by might be able to take what they want?

It's the same scenario for an unsecured server. We use electronic security in the facility where our servers are stored. We also have a surveillance system to see who has been in the room and when and store that data electronically for a period of time.

We recommend getting your server in a data center that has 24-hour security and mantraps and multi-level identification to thwart someone trying to break in and access it or take it.

The critical component of power

There's another benefit: A steady power supply. For businesses and organizations with servers in closets or under desks, what happens when the power goes out? If there's no backup power source and you go offline, you're done. Which is a big deal, especially the affected server is used to support online sales.

At our data center in northern Virginia, which is located in a geographically safe location, if the power goes out you wouldn't even know it thanks to 10 very powerful generators. If you're inside the facility, you don't know the power has gone out, so in a secure data center with steady power a business can continue selling online even in a storm.

You might think you are saving money by storing your business's or organization's server in an office closet or under a desk. The reality is that if power is affected then your business is detrimentally affected.

There's also the issue of bandwidth, which is also critical to operating a business. Most businesses have only one internet connection. We have 23. Even if half of them go down, nobody notices.

Securing vulnerable devices

When it comes to securing vulnerable devices such as laptops, computers, trade secrets and anything that someone can steal, it's vital to consider physical security. For example, my laptop has a hard drive encryption so if it does get stolen the data on is protected.

Think about a construction business and all of its customer records and invoices stored on a computer. This likely includes personal information about customers, so whoever steals that computer has direct access to the company's information. You've got to make sure that the company computers and laptops are locked up.

At ZZ Servers headquarters, we have electronic door locks to control access to sensitive areas. It's an investment — we're talking about $1,200 per door for what we consider one of the more cost-effective solutions — but well worth it.

If you have sensitive data — and every business and organization does — you've got to know who's going through the door and stop the people who aren't supposed to be.

Securing computers

One last thing. Think about your computers. Businesses and organizations have alarm systems and things like that but they don't have things as simple as secure computer logins. There's no security to get into their computers, even those that have customer-centric type of information.

We understand that small businesses may not have the capital resources to hire a security team or to have someone tell them how to secure their business. Small business owners are busy paying the bills, doing their job and may not be savvy when it comes to IT security.

But having computer logins with passwords that are changed every several months or so is a simple step to securing your business. What about at the end of the day? How secure are your laptops or mobile devices?

These are all things to consider as the owner of a small business or if you're operating an organization. Don't let physical security get lost in the shuffle of operating your business.

For an additional resource on physical security for your business or organization, here's a helpful article: http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/

A history of PCI compliance and why there’s a need...
Hosting in a secure environment is necessary for a...

Related Posts

 

Tag Cloud

safe computing ZZ Servers Co-Founder Cybersecurity Business Solutions Geekend CentOs security members area command line Las Vegas World Backup Day PCI Control Panel Home Depot Breach PCI Service Provider password HIPAA Solutions shared server IT windows 7 spam credit card payment support Linux Medical Records hosting control panel TiaraCon Health Care Cybersecurity logical security physical security phishing management follow.The HIPAA Privacy Rule passwords cyber liability insurance cybersecurity Hosting cyber PCI Audit Online Business education business business solitions credit card two factor authentication business solutions apache Assigned Names black friday VPS Servers Disaster Recovery Plan smartphone IT security Continuous Monitoring Charleston Information Technology Announcement Interworx-CP GDPR Credit Cards DRP HIPAA backup solutions PCI compliance cyber monday openssl phishing attacks PCI Data Security Standards activesync InterWorx email accounts vyatta router firewall filter security PCI HIPAA Payment Card Industry health care providers Accountability Act qsa intrusion detection exchange cell phone email employee training Positive Customer Impact cyber monitoring INFOSEC assesment multi-factor authentication Firetalk physical Domani Names recovering data ZZ Servers Reports Ubuntu businesses Medical Solutions Internet HIPAA solutions Car Hacking Debian sender policy PCI Compliance trends HIDS Business Planning Web Hosting change Hackers Alarm lamp Shmoocon dsbl Healthcare Records social engineering business community HIPPA pci complliant hosting Scalable Redundant Cloud Infrastructure Internet Corporation IT Services Presentation network blackberry ICANN National Cyber Security Awareness Month information technology PCI Hosting video cyber protection shared folders shared hosting Health Insurance Portability permissions shared secure hosting healthcare solutions credit cards stolen security circles PCI Solutions OSSEC dss motivation compliant hosting IT solutions embedded SSL eCommerce Solutions search cyber security log files compliance Credit Card Security cli iphone QSA DEF CON teensy Small Business data breach Compliance Email BSides Cybersecurity small business computer networks David Zendzian IT Solutions computing in the cloud Server Mangement infrastructure amazon ec2 mail server IT services Vulnerability eCommerce malicious software kerio data privacy spoofing cloud Internet infrastructure arduino vulnerability scanning computer security Windows personal information Security TLS Xen PCI DSS 3.2 Cloud Computing data protection anti virus protect data cloud infrastructure vps Zendzian spf ipad Sysadmin caller-id bash Business Solutions