We often refer to IT Security checks in the sense of online activity such as anti-virus, firewalls, VPN access and strong passwords. But there is another area of IT Security checks people should make and that involves checking the IT Security of your physical assets.
You may think your IT Security is sound, with your server having all the latest updates, your anti-virus installed and working for every user, your firewall locked down tighter than Colditz and your permissions and audit tracking being so secure that if anyone does anything they shouldn’t, it alarms instantly. But if your server sits exposed in the office, all of that is invalidated in an instant.
Physical IT Security checks should start on the pavement outside your building and should be layered like an onion inwards towards the asset.
Some of the areas your IT Security checks should include are:
1) Perimeter – This is the area on the very edge of your property's boundaries. Are there holes in the fence? Can someone pull up next to the door with a van? Can Wi-Fi signals be received from the outer edge, where someone can park in their car and take advantage of the network all day? Is there adequate lighting to deter someone breaking in?
2) Exterior – The car park, entrance to the building and the walls themselves. Is there a guard that patrols or a secure alarm set up? Once again, can Wi-Fi be picked up outside? Is the door controlled by a guard or RFID? If RFID, is there a PIN to go alongside the card to stop hackers using the RFID to copy the card and then using the copy? Do the air ducts have traps on them to prevent cats from getting into the building and setting off alarms (yes, this can happen)?
3) Interior – Once in the front door of the building, what controls are in place to monitor movement? Do visitors check in? How well trained are the reception staff or guards on the front desk? Do you let contractors or unknown people into your office where they can snoop out your setup?
4) Restricted Area – This is the area where your server should be, with some form of access control such as key locks, RFID readers, PIN pads and, in cases where the budget allows it, biometric devices such as fingerprint, iris and retina scanners.
Some organisations work in one-room offices and cannot afford the expense of locking off an entire room for the sole purpose of maybe one server. A partial workaround for this is to have a locked server cabinet (which can also house the networking equipment) and add access control measures to the whole office.
IT Security checks (online and off) should be vigorously tested, with measures put in place to prevent the worst happening. Hackers are known to fully utilise whatever type of workaround they can, including using physical attacks on an organisation to gain access to its data. If you have concerns about your current setup and require some advice on your IT Security checks, please contact us and we can help ensure your business is protected as much as possible.