There are many layers to network security, and fortunately everyone seems to be more aware of the ongoing work required to protect digital data from hackers and the multitude of online threats we're facing. But there is another aspect to data protection that is often overlooked, and that's physical security.
Simple actions (or lack therefore) can have big consequences. An employee's physical workspace is the gateway to the network, and there are some common habits that might seem benign, but that can easily create big headaches for a business.
Can You Spot the 4 Security Risks in this Photo?
There are some pretty common behaviors that can pose a risk to your data security.
But they are also easy to correct through awareness and education about physical security. Take a look at the photo below and see if you can pick out the security risks.
1. Login Credentials Left Out in the Open
It's the classic "password on a sticky note" mistake (and no, that's not a real password!).
It might seem harmless and it sure does help with remembering those complex passwords we all need to have, but it's a really bad habit. Anyone passing by this desk can capture the login and use it to access the network.
Best practice for passwords is never to share a password with anyone - including co-workers - and while writing them down isn't the worst thing in the world, written passwords should never be stored in plain sight...or in the most obvious locations, just as the very top of the top desk drawer.
2. Computer is Left Unlocked
As you can see, the computer in this photo is unlocked...and unattended. This means that anyone passing by can hop onto this workstation and access any and all data.
Whether a computer user is getting up for a quick coffee break, lunch, or closing up for the night, they should get into the habit of locking down the screen so that the password is required to restart a working session. This will prevent any unauthorized access.
3. Unattended Storage Device
Portable storage devices - like the USB drive pictured here - should never be left out in the open, where anyone walking by could take off with it and whatever data it contains.
Instead, storage devices should always be kept on your person, or stored in a safe place, like a locked drawer or cabinet.
Side note on this - as a business leader, you probably want to ask yourself why your employees are using portable drives, if this applies to you. If they are personally owned/managed, this is an additional risk factor, as they may contain malicious code that was picked up from an unsecured device (like a home computer).
It might be time to look into better options for allowing employees to securely access and share corporate files remotely. Cloud-based office tools like Office 365 offer access anytime and anywhere, while also providing the security that every business needs.
4. Mobile Device Unattended and Unlocked
These days, personal mobile devices in the workplace are as common as desktop computers and laptops. The sight of one out on a desk is far from unusual. The first problem here is that it's unlocked. The second is that it's unattended.
The first problem represents the bigger threat to the business, because more than likely this device is used to access company email as well as other business-related apps and services. Leaving it unlocked means that anyone can grab it and gain access to that same information.
The second problem is more of a nuisance for the employee, but it's a problem all the same. Unattended devices are easy to steal, and as much as we all rely on them, coming back to your desk and finding yours MIA is going to ruin your day.
In the best-case scenario, the lock-screen did activate after a short time, and you are able to remotely wipe the device to prevent someone from accessing whatever personal and business data lives on it.
But at the end of the day, you've still spent time trying to locate it, replacing it, reconfiguring it, etc. That's wasted time that could have been spared by simply securing the phone in the first place.
Other common issues that can affect employees and the business alike are leaving credit cards or (credit cards numbers written on sticky notes) out in the open, or purses, wallets or other personal items. While no one ever wants to think it will happen to them - especially in the confines of your place of work - it certainly can and does.
By securing your physical space appropriately, you can easily reduce your overall risks to your personal possessions and data, as well as company assets.
This level of physical security is of course part of a layered approach to modern network security that includes patch management, data backups management, network administration best practices, cybersecurity awareness and training, anti-virus, and 24/7 monitoring.