An often-overlooked aspect of an organization's security posture is physical security. Mistakes can expose company data, often with serious and embarrassing consequences.

• Flash drives containing important data, if removed from the building, could be left lying around someone's home, a bar or coffee shop where someone else could pick it up and walk off with it.
• Paper records thrown into a dumpster instead of being shredded leaves that data available to someone to discover after business hours.
• Computers or devices left unlocked and unattended can also be an opening for an attacker to steal data and financial information.
• On-site servers left in insecure locations can be stolen over a weekend, or accessed by unauthorized employees.

Tips to Harden Physical Security

• Lock your paper files, server rooms and make sure back-of-building entrances can only be opened from the inside during business hours.
• Keep an inventory of devices and purge data that is no longer needed.
• Limit internal access to only those who need it, and audit that access so you know who accessed information and when.
• Enforce your policies through regular inspections, company-wide training, and scheduled reminders.
• Require lock policies on all devices (Desktops, laptops, tablets, and phones) that have access to company data.
• Require complex passwords and MFA (Multi Factor Authentication) everywhere.
• Limit login attempts to prevent dictionary attacks against password-protected systems.
• Use encryption at rest and in transit.
• Properly shred paper documents and use software to permanently delete data from drives prior to disposal.
• Screen people who are allowed to enter your building and sensitive areas.

Protecting your organization from attacks requires vigilance and planning. Failures can be costly. Seek help from qualified Cybersecurity experts like Iowa Solutions and keep your risks as low as possible.