Hacking costs the world a lot of money. That’s an understatement.

Worldwide, hacking will cost about $6 trillion annually by 2021, making it the most lucrative criminal enterprise on the planet, even surpassing the drug trade.

While projections like this are best guesses based on future trends, the fact that cybercrime is the fastest growing crime in the U.S. is a verified truth.  

For most, physical threats to information system infrastructure don’t come top of mind when they think about vulnerabilities. That’s in part because the presiding culture tells us that the most potent hackers are sitting in a dark room somewhere furiously typing away code for their next hack. 

But even the best firewall and most expensive anti-virus software won’t stop someone accessing your system physically. 

Here’s what you can do about this real threat to your business. 

Take Physical Threats as Seriously as Digital Ones

Most businesses know how to teach employees to use the Internet safely. 

Don’t open suspicious emails, especially attachments. Never give usernames or passwords electronically. Use the VPN when you’re not using the office network. 

But there are a few things that most don’t cover, like not allowing anyone into the same room as your servers unattended. 

This is how you prevent in-person social engineering attacks which can have a success rate of 79%.

Back the server room example — say you work in a building where your business leases space. A guy rolls in with a toolbox, flashlight, and ladder. He says he needs to check inside the roof panels for leaks from the roof. He says he needs to check every room. 

Of course, no one is going to want to babysit this guy: they have better things to do and that’s socially awkward. If you let him roam free, he only needs a few seconds to stick a USB into a server and take or implant data. 

Also, be sure you have cloud data storage policies that give you a backup in case of an issue.

Laying out Plans

The best way to prevent physical threats to your I.T. system is to have clear protocol. 

Concluding the example above: First, no one outside of the company being allowed in the server room alone could have prevented this. Second, if anyone asks to get into the server room, they must have a clear purpose to do so. So, asking questions would have been important. 

Another key example is having a mobile device policy. Are people allowed to take work-provided mobile devices home? If so, do you provide a VPN and remote monitoring/wipe if it’s lost? 

Also, do employees know not to leave laptops open when they walk away while using in public? Do they have a robust passcode? 

Answering all of these questions is vital to protecting your data. 

 

Are You Protected? 

No matter how much the world and business move into the digital realm, we are still live in a physical space where even simple actions can have profound impacts. 

Reach out today to bounce your questions off of us about how to keep your workspaces safe from physical threats. 

For more insights on the frontline of I.T. from industry experts. see our latest posts on the right of the screen.