Share to Facebook Share to Twitter Share to Google Plus Share to LinkedIn

Hacking comes in countless forms. If you say hacking to many people, they will assume you mean getting access to a PC digitally. But what about accessing IT assets physically by just the means of a felt tip? Hacking can also be physical.

Physical Security

So you have a key pad protecting your business from the outside, your IT assets are secure right? Most of the time, yes, until someone comes along with a felt tip pen. A small mark on each key will soon give away the code for the door. Once inside how secure is the office?

Are doors to secure areas propped open internally, laptops left unlocked and what about the stack of paperwork sticking out of the cabinets as they are too full to be locked. All the hard work of developing and enforcing cyber security is affected when the information can be accessed this easily.

Shut the Door

Internal doors need to be kept shut as much as external doors to ensure any unauthorised access is limited but what about when the door is held open? Tailgating makes the most of people not wanting to seem rude and just shut the door in someone’s face - but this could just be inviting someone into your building.

High Vis Effect

People will be unlikely to challenge those who wear official clothing like high vis jackets. Most of the time the worker is there legitimately but they should be challenged. You should be aware they are coming to site prior to their arrival and ensure they have ID on them, otherwise the guy who has arrived to do some “cabling works” make have other motives.

Risks

The risk of all of these is you are giving free access to an unauthorised user. All the money and time spent protecting your PCs from cyber risks are thrown away when someone gets physical access to your office with post it notes showing passwords around.

How to protect

User training is one of the main aspects for your office protection. Ensure users are informed, explain it is fine to challenge workers coming into the office and make sure they are there for what they say they are.

Also inform users it is not rude to ask for a member of staff to produce their ID if they are following you behind a door, if it is a large office do you really know every member of staff?

Ensure the security is as strong as it could be; laptops and PC’s should be locked when not in use and if possible fastened to the desks. Internal doors should be locked, and where needed secured. Not everyone should have access to the server room.

Further Reading

For more information, please refer to the following: http://www.telegraph.co.uk/connect/small-business/cyber-security/how-cyber-criminals-can-target-you-in-the-real-world/