Data breaches have made plenty of headlines the past few years and it's widely known that companies such as Target and Home Depot and government organizations such as the Office of Personnel Management have been hacked.
With these high-profile hacks of prominent companies and organizations comes plenty of information about cybersecurity. But what about physical security of a company's or organization's assets?
Physical security and segmentation in an office are just as critical to protecting a company's or organization's assets and future as cybersecurity. Too often businesses and organization focus on cybersecurity and inadvertently become lax in physical security of assets such as computers, laptops, servers and even printers, along with mobile devices that can contain proprietary information and customer data.
It's imperative for any organization to take physical security into account in the operations.
Physical security for servers
Let's start with the office in general. Employees who have access to any area they want to go are a liability. Physical security and segmentation are very important to restrict access to areas where employees don't need to be.
Take a server or server room, for example. Often a small business has a server, but it might be in an office, underneath a desk, or some other conspicuous and unsecured location. That server contains vital information for a business or organization and can easily be taken or accessed.
Do you leave your purse, wallet, laptop, mobile device and keys to your car, home and office in your unlocked car in the parking lot of where you work or in your driveway so anyone who happens by might be able to take what they want?
It's the same scenario for an unsecured server. We use electronic security in the facility where our servers are stored. We also have a surveillance system to see who has been in the room and when and store that data electronically for a period of time.
We recommend getting your server in a data center that has 24-hour security and mantraps and multi-level identification to thwart someone trying to break in and access it or take it.
The critical component of power
There's another benefit: A steady power supply. For businesses and organizations with servers in closets or under desks, what happens when the power goes out? If there's no backup power source and you go offline, you're done. Which is a big deal, especially the affected server is used to support online sales.
At our data center in northern Virginia, which is located in a geographically safe location, if the power goes out you wouldn't even know it thanks to 10 very powerful generators. If you're inside the facility, you don't know the power has gone out, so in a secure data center with steady power a business can continue selling online even in a storm.
You might think you are saving money by storing your business's or organization's server in an office closet or under a desk. The reality is that if power is affected then your business is detrimentally affected.
There's also the issue of bandwidth, which is also critical to operating a business. Most businesses have only one internet connection. We have 23. Even if half of them go down, nobody notices.
Securing vulnerable devices
When it comes to securing vulnerable devices such as laptops, computers, trade secrets and anything that someone can steal, it's vital to consider physical security. For example, my laptop has a hard drive encryption so if it does get stolen the data on is protected.
Think about a construction business and all of its customer records and invoices stored on a computer. This likely includes personal information about customers, so whoever steals that computer has direct access to the company's information. You've got to make sure that the company computers and laptops are locked up.
At ZZ Servers headquarters, we have electronic door locks to control access to sensitive areas. It's an investment — we're talking about $1,200 per door for what we consider one of the more cost-effective solutions — but well worth it.
If you have sensitive data — and every business and organization does — you've got to know who's going through the door and stop the people who aren't supposed to be.
One last thing. Think about your computers. Businesses and organizations have alarm systems and things like that but they don't have things as simple as secure computer logins. There's no security to get into their computers, even those that have customer-centric type of information.
We understand that small businesses may not have the capital resources to hire a security team or to have someone tell them how to secure their business. Small business owners are busy paying the bills, doing their job and may not be savvy when it comes to IT security.
But having computer logins with passwords that are changed every several months or so is a simple step to securing your business. What about at the end of the day? How secure are your laptops or mobile devices?
These are all things to consider as the owner of a small business or if you're operating an organization. Don't let physical security get lost in the shuffle of operating your business.