TMCnet Feature
May 20, 2018

How Can IT Departments Take Physical Security Seriously?

In the IT department, security often takes center stage. You probably wake up in the morning and go to sleep in the evening thinking about it.

But the chances are, you’re not taking physical security as seriously as you should. It’s time to start paying better attention.

Five Tips for Better Physical Security

There was a time when physical security was the single most important concern for a company. When you discussed a security strategy, business owners automatically assumed you were talking about locks, cameras, and access control.

Then came the explosion of the Internet and the rise of the IT department. Over the past few decades, the primary emphasis in terms of security has been on barring cyber attacks, viruses, and other malicious online behavior.

Undeniably important though this is, it’s unfortunately removed physical security from the picture for many firms. Now is in fact the time to circle back and make sure you’re paying sufficient attention to physical security as well.



It may not seem as relevant or glamorous as cyber security, but physical workplace security is arguably just as important. Not sure where to start? Here are five tips:

1. Choose the Right Locations

Tight physical security starts with focusing on the right physical locations. It’s especially critical for data centers and server rooms.

Typically, data centers should be situated separately from the business headquarters, the farther the better, and at least 100 feet off a main road. They shouldn’t be labeled with signage (no point in tipping people off) and need to be removed from problem areas such as earthquake fault lines, flood zones, airports, chemical facilities, and power plants.

It’s also helpful to have redundant utilities. “Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines,” information security expert Sarah D. Scalet advises.

“Lines should be underground and should come into different areas of the building, with water separate from other utilities. Use the data center’s anticipated power usage as leverage for getting the electric company to accommodate the building’s special needs.”

Server rooms will have to be located on site, of course, but they also need to be located intelligently. For example, don’t make the mistake of putting your server room right off a main lobby or meeting area where anyone could wander through the door.

It’s much better to have it in a basement or remote area in the building.

2. Implement Multiple Layers of Access Control

Having a card scanner or lock on a door is great, but you need multiple layers of access control in order to protect highly sensitive areas such as data centers, server closets, and other high-risk areas.

Layering security methods ensures that someone can’t gain access by simply compromising one element. An intruder should have to get past two, three, or four different checkpoints in order to put you at risk.

Common layers of access control include door locks, card readers, biometric scanners, surveillance cameras, and even human security guards.

3. Properly Dispose of Information

Does your IT department have a strategy for how it handles physical documents, files, and confidential records? A lot of businesses don’t spend much time thinking about this, and, as a result, they end up needlessly exposing their data.

Most firms have some kind of system in place to store confidential information, but it’s rare for a company to have a documented strategy for the disposal of physical records. If it hasn’t already, your department should invest in shredders that are capable of destroying paper, CDs, and DVDs.

You also need a plan for where to store shredded files as well as where they’ll be taken for final disposal.

4. Train Employees to Look for Suspicious Activity

You only have one set of eyes. If you’re the only one who monitors security and pays attention to what’s happening, then you’re apt to miss some stuff.

In order to be sure your department is hyper-vigilant about what happens at any given moment, train your employees to watch for suspicious activity. Let them know the sorts of behavior that are acceptable and unacceptable, and how to proceed if they witness something that falls into the latter category.

In sum, you must create a culture of accountability in which employees feel comfortable calling out risky behavior and doing what’s best for the good of the company. This can be easier said than done, but training goes a long way.

5. Monitor and Record

“Cameras are very inexpensive today, and yet they can do double duty, not only detecting possible threats in progress, but allowing for forensic review of incidents,” information security expert Robert C. Covington points out. Unfortunately, many IT departments don’t take advantage of the cost-effectiveness and versatility of such cameras.

As Covington advises, “Cameras should be installed at all entry points to a facility, and in key areas such as data centers and telecom closets. The video should be recorded and retained, with a live monitor placed on the desk of someone who can keep an eye on it.”

Though it’s useful to go back and review video after an incident occurs, you can save yourself a lot of trouble by monitoring video before anything happens. Periodically check the tapes and look for any suspicious behavior.

Is someone frequenting the server room who shouldn’t be? Is there strange activity in the data center? Investigate anything that doesn’t look right.

Protect Your Business on All Fronts

When you’re a homeowner, you don’t just lock the front door and leave the back door open, do you? Of course not; that would be foolish.

When it comes to your IT department, then, why are you only paying attention to cyber security and not factoring in worksite security? If you’re serious about protecting your business, you need to safeguard it proactively against attacks on all fronts -- digital and physical.

It will take some time and money to enhance physical security, but it’s inevitably cheaper to prevent an attack than to have to pick up the pieces after one. Take security seriously, and you’ll be rewarded.

 
