What is Physical Security?
Physical security entails the management of organizational information protection in the workplace. This can include the security of your employees, computer systems, customer and client data, software, and much more. Our businesses rely on our ability to safeguard our assets and those of our stakeholders, and not doing so can have detrimental effects on our company.
We’re talking about clean desk policies and role-based access controls in the office, as well as safety planning and protections such as fire escapes, extinguishers, hardened doors, etc. It also covers data retirement and destruction management, where data is safely stored and safely discarded through responsible third parties and shredding services. For mature organizations, these policies and protections were commonplace in the office environment where the organization could continue to grow and build upon its existing successes and infrastructure.
Then came COVID.
Why is Physical Security a Problem?
The office environment is something an employer can control. Supervisors and managers are in the pods, seeing how their employees work and function. It’s easier for a company to inspect physical security when it’s physically possible to put eyes on it. The home office is completely different. A manager isn’t welcome in your home. They cannot simply drop in one day and see how you are living, snoop around looking for passwords on Post-it notes, or sift through your trash can. Physical security went out the door when COVID pushed us all out of it.
As we move towards a post-pandemic life again, we have rightfully questioned the efficacy of working in the office versus productivity working at home. Many companies are sticking with it. So, what can we do to reimagine and improve our physical security again?
Reimagining the Physical Security Policy
Now that we know the problem, what can we do to improve it?
Provide employees with a company computer and mobile phone – Work from Home (WfH) employees will need access to company data and resources. Providing and requiring an employee to utilize company-owned and controlled devices allows the company to individually secure them and allow for remote control if needed. Many tools and services are available (and built into things like AWS and Azure) that allow an organization to update, secure, and disable devices if necessary.
Provide employees a way to destroy physical data – In the office, there are shred bins or other disposal methods that employees can use to drop handwritten notes, printed forms, and other information for destruction. It should be no different at home. Provide employees with a company-approved shredder to destroy information and data in their office. If your business requires more stringent destruction techniques, consider a mobile service.
Keep data from prying eyes – It is impossible and wrong to try to tell employees to segregate their home office space from the rest of their homes. Some people may not have an office and work from the kitchen table, couch, or bedroom. Wherever the employee is working from, make sure they have a way to hide the information they have control of. Provide privacy filters for screens, small lockboxes for sensitive materials, and additional support if needed to find the best way to secure those assets with the room they have.
Training, Training, Training – Again, in the office, it’s easy to spot-check security. Managers can quickly peek under a keyboard or look in the top desk drawer for passwords. Without those checks, it can quickly become an issue of complacency, and we need to reinforce the need for sound security constantly. Send out weekly reminders with the basics of security best practices in the home. If your company conducts training twice a year, consider conducting it quarterly. Adjust to the threats and the times.
Wrapping it Up
This is just the start of what your organization can do. Large-scale work-from-home operations are a new concept, and it will take creativity and brainstorming to determine how best to do it in your company. If you’re unsure where to start or want to build upon your current policy, don’t hesitate to contact us. TCM Security is happy to help develop the policies you need to strengthen your company’s work-from-home strategy.
About the Author: Heath Adams
Heath Adams, also known as “The Cyber Mentor,” is the CEO of TCM Security. While Heath is an ethical hacker by trade, he also loves to teach! Heath has taught courses to over 1,000,000 students on multiple platforms, including TCM Academy, Udemy, YouTube, Twitch, and INE.
Heath has held many certifications, including CISSP, PNPT, QSA, GSNA, OSCP, ECPTX, and eWPT. He also holds an MBA degree.
Finally, Heath is also a husband, animal dad, tinkerer, and military veteran.