shadow_tr
lock on colorful wooden gate

Don’t Take Physical Security for Granted


Posted: 10/24/2013

Physical security, as part of information technology, is often thought of as locked doors, identification clearance, and a desk with a security guard, but it is much more. While physical security’s main focus is the protection of hardware, networks, and data from physical damage or loss, it also requires personal attention to maintain the safeguards in place. While physical security gets a great deal of attention at the enterprise level, at the personal level it is often taken for granted or overlooked entirely.

Attend to Your Devices
Leaving devices unattended is a common practice that leads to the loss of hardware and sensitive data. Laptops and mobile devices that are left unattended are stolen every day, and the loss of hardware is just part of the story.  If a device is not properly password protected, both personal and professional data may be at risk. Saved passwords to commerce web sites, such as credit card and financial institutions, may be compromised. This misplaced trust can lead to unfortunate and possibly alarming scenarios.

Use Lock Screens, Logout, or Shut Down
A locked door may not provide sufficient security. Desktop computers in a secured office are still at risk; not locking a computer when leaving it unattended can lead to a serious compromise. A recent  example from an office on campus involved an unlocked computer in a locked office. Over the weekend, an individual with after hours access to the office used the computer and unknowingly infected it with malware. The system was used, almost immediately, by unknown third parties for illicit activities.

Protect Your Backup Devices
Removable hard drives and thumb drives are examples of items that are often overlooked as devices that need to be secured. Their small size makes them easy to steal, but the risk of the loss of confidential data is still substantial. These devices need to be stored in locked file cabinets or desk drawers when not in use.  Using encryption technology to prevent the data from being accessed by a third party can mitigate these types of loss.

Don’t take physical security for granted — it only takes one incident to ruin your day.  Taking the steps of password protecting and encrypting a device can limit loss of hardware, which can easily be replaced. The consequences of losing data can be a drastic set back for an individual, their employer, and their associates.

Always Remember

  • Devices should not be left unattended in public places.
  • Unattended computers or mobile devices should be locked
  • Use locked cabinets or drawers to prevent the theft of portable devices.
  • Do not take the physical security of your computing devices for granted.
  • Using password protection can prevent misuse of resources.
  • Encryption can be used to further protect lost or stolen devices.
  • Tulane Information Security recommends Iron Key Encrypted flash drives.

To learn more about securing your physical environment, sign up for Securing the Human online training at http://tulane.edu/tsweb/security/securehuman.cfm

Author: Chris Wood is an Encryption Analyst with Tulane's Information Security Office.

Technology Services, Tulane University, New Orleans, LA 70118 -- TSNOC: 1-866-276-1428 -- help@tulane.edu