Lock up
your servers!
Jason Appel,
Security Practice Manager, Sage Computer
One aspect often overlooked when securing our information is physical security. The goal of physical security is to control who can walk up to the information and touch it. The idea is to prevent unwanted information disclosure, loss, or corruption, the same as when securing the information across the network or from the internet. The difference is that physical security deals with the "real world".
For most of us, this doesn't mean training your Chihuahua as an attack dog or outfitting your employees with dark shades, cheap suits and sleeve microphones; it simply means using some common sense.
Before we can take measures to physically secure our information, we need to know what type of information needs to be protected. There is no need to post armed guards around your product catalog after it's been published: it's meant to be seen by others. Before it's published could be a different story as you may not want your competition getting a sneak peek. In other words, we need to classify our information.
While there are many excellent information classification schemes, they all boil down to one question: who needs to have what level of access. The rest is deciding how to limit access to just those people. With this in mind, there is one common sense step we can take to beef up our physical security in the typical small office. Lock it up.
While it may be true that "a locked door only stops an honest man", locks go a long way towards letting people know what is out of bounds. If the file cabinet has sensitive information in it, lock the cabinet or put it in a locked room.
If your network server is vital to your business operations, make sure it's locked up to limit who has access to it. Remember, loss of services such as email, files, printing, faxing, and internet can mean the loss of access to vital information. Thus tripping over the server's power cord could be classified as a "Denial of Service" (DoS) attack.
Sometimes, it's just as important to have taken all reasonable steps to secure the information, as it is to actually prevent unauthorized access to it.
If you are uncomfortable with the way you are currently classifying your information or concerned about locking up your servers, feel free to contact your Account Manager at Databranch for more information.