When thinking about the security of electronics systems our minds usually go to the measures that we need to take to protect them in the online world. However, the danger is no less in the real world, especially in our times that the mobile devices we use are becoming more and more.
Once the computing systems were made up of large machines that only certain individuals had access to, so all they needed to be safe from intrusions was locked into safe, air-conditioned rooms. Today, however, almost every business has mobile devices that it uses to carry out its work, which includes all the data of the business and its customers.
The "open" nature of modern business makes it very easy for disgruntled employees, competitors or even customers to access this equipment. Malicious agents could also steal or sabotage the equipment or extract data from it.
Lost or stolen portable devices pose an even greater threat. According to a report by UK think-tank Parliament Street, more than 26.000 mobile phones, laptops and other devices were reported to have lost 2017 to the London transport system. A larger transport system, like New York City, is likely to have an even greater number of lost devices. And it does not include the devices that have been forgotten in cabins, vehicles and airplanes.
Many of these devices undoubtedly contain sensitive business information and most users do not seem to be particularly worried about their security. Few even apply simple measures such as a PIN or password, and much less encrypt their data.
Here are some ways you can improve the physical security of your systems:
Household servers and other tools should be placed in a locked room or closet. If there is no such space, invest in special IT cabinets, which can be locked with a key or password. It is even better to place your equipment in facilities that provide locked cages and other physical security controls.
Educate users to "lock" their workstations when they leave their offices for any length of time. Also, make sure that users close all applications and disconnect their desktops when leaving work. Implement policies that require users to secure any portable devices used for business operations.
Invest in a data encryption method for data security. Avoid using USB drives and flash drives for data transfer - they are very easy to get lost or stolen and may contain malware.
If you have stocks of unused equipment - even if it is in a locked storage area - use a replacement or cleanup tool to remove all data, as sensitive information still exists on old hard drives and other devices.
For tape drives, make a full factory reset and make sure there is no sensitive information on the device. Remove any identifying labels in the backup cassettes and disassemble or break them with your old hard disks.