With growing cybersecurity threats, many organizations have implemented antivirus and basic cybersecurity practices. But when it comes to vulnerability, there are other ways for hackers to breach your technology. Let’s take a step back, look at the bigger picture, and consider another security weakness, physical security.
Physical Security of Technology
Where is the technology infrastructure stored? Are racks and servers kept out in an open hallway or in a broom closet? Can anyone from within the building physically tinker with the equipment? If you answered “yes” to any or all these questions, we are looking at an on-premises security vulnerability.
The first step in securing your infrastructure is to allocate a designated location that can be locked. This should not be a shared space that many people have access to, like a janitorial closet or a storage room. Ports on servers and computers can be accessed physically and can be detrimental to the security of your entire network because someone can plug into the equipment and bypass the security measures in place. Either physically disable or use antivirus to disable unused ports.
Secondly, consider the security of desktops and laptops. Do laptops frequently leave the premises? Consider getting lock mechanisms and hard drive encryption for anything that frequently leaves the office. Don’t forget about ports that can be easily accessible on a typical laptop.
Oh, and think about where these physical and encryption keys are kept. Locking up equipment doesn’t matter if keys are available to everyone. Once you select a secure location, provide only the necessary personnel with access. Everyone should be seen as a possible threat in this situation; don’t underestimate a person’s capabilities based on their job title. No need to tempt anyone unnecessarily.
User Permissions and Access
This leads me to general user permissions and access on your network. Provide end users only with access to whatever is necessary for them to complete the day-to-day functions of their job. Not everyone needs access to everything. Set access restrictions on files containing sensitive information, like HR documents or the company’s accounting books. While this may seem like more administrative overhead it can not only protect you from data theft it can also reduce malware’s impact, for example, it can’t encrypt what it can’t read or have write access to.
Each user should have a unique username and password to log in to workstations and technology around the office. This way you can control for who can reach what, in addition to an audit trail so you know who’s been accessing and/or modifying shared files.
Your password policies should not be too stringent. You don’t want users to write passwords on sticky notes and “hiding” them under their keyboard or in a drawer. Create a policy that is user-friendly yet secure. The current recommendation is to recommend passwords that are complex in the sense that they are full phrases or sentences, not just a combination of letters, numbers, and symbols. Not kids and pets names or significant dates in your life.
Secure your technology environment and essential business information from all types of possible breaches, including the physical security. Reach out to us for more information about securing your systems and implementing security precautions. We can perform a basic assessment to see how secure your environment truly is.