When thinking of physical security, most people
think of security guards, cameras, and locked doors. Many fail to realize that
they themselves also have a big role in keeping information safe from physical
attackers, since the information is in electronic form. Instead of giving
examples now, let’s jump right in and get started. I’m going to start each
section with a question that I’d like you to think over before I explain.
Are you the only person with access to your office?
I highly doubt that you are the only one.
Custodial and maintenance staff have keys that get them just about anywhere.
I’m sure that you have had visitors or have held meetings in your office. You
may ask, “Can’t we trust these people?” Sure we can, but it’s better to think
of ways to secure what is in our office so any temptation a person may have is
greatly reduced.
Do you have any documents with sensitive data in plain view?
I know that you need to be able to see the documents to work with them, so of
course they are in plain view at some point. When someone comes into your office
or when you are absent, though, these documents need to be stored away.
Remember the old movies where the spy would take photographs of documents with
their bow-tie camera? Well, it’s not that different today. With miniature
cameras like those in cell phones widely and easily available, it is simple for
anyone to take a photo without being noticed... even when you are standing
right there!
When you print documents, do you pick them up immediately, or do they sit on an
office printer for some time? This is another area where caution needs to be
taken.
When you dispose of documents with sensitive information, a shredder must always
be used. People may legally dig through trash (called “dumpster diving”) and take
whatever they find. Many people even treat this as a hobby and do so regularly.
Do you have any removable media (floppy disks, CDs, flash drives, etc.) with sensitive information?
How often have you misplaced a CD or a floppy? I know that I have. Even if you
haven't, if you place one on your desk before leaving work, would you notice
that it is missing the next day or would it take some time?
Removable media is very compact, which is convenient for both you and any
thieves. Store these away safely. If one is lost, any information on it must be
considered compromised, even if you think it may have been thrown away.
If you wish to throw away removable media, please destroy it so it would be very
hard for anyone to use. Just deleting the contents is not enough. Recovering
deleted files is a time-consuming task, but is fairly easy to do with the
assortment of tools that are widely available.
I advise against saving sensitive information on removable media, but if you
must, please encrypt the data. The data will still be compromised, make no
mistake, but encryption may protect the information enough that a
less-than-determined attacker will give up or the media will be found.
Do you use a laptop, PDA, etc.?
The same safety measures for removable media apply to portable devices as well.
Since these devices hold even more information, they are even more critical.
Remember, encryption is very important!
Do you either lock your screen or log out of your computer every time you leave your office?
An attacker only needs a minute or so to send themselves documents, send someone
threats, etc. Your account is the one being used, so you would be investigated
for it. Locking your screen only takes a second, and unlocking it only requires
that you type your password. It’s a simple habit to learn that protects both you
and the information.
To lock your screen in Windows, press and hold the Windows key and press the L
key. The Windows key is located between the Ctrl and Alt keys on the lower left
side of your keyboard.
Is your password written down anywhere? Is it a generic password? Is it a strong password?
If your password is written down, someone else probably knows it already. The
most (in)famous hiding places are under your keyboard or in a desk drawer. If it
is stuck to the front of your monitor, it isn't even hidden. If your password is
a generic one (e.g. ‘password’), someone else probably knows it too. Also, I
discussed strong passwords in February’s article. If your password isn’t strong
(e.g. ‘password’, your ID #, etc.), someone may know it or be able to guess it.