That’s what my dad used to say whenever I forgot to lock the front door, reflects Sr. IT Consultant, Mike Oster. As if he had some sort of insight into the low crime rate of Kansas. Well, now I’m going to say it to you: “We don’t live in Kansas, ya know.”
I bet you’re doing all the right things when it comes to cyber security. You have a good firewall. You’re using VPN for remote access—complex passwords…the works. But what are you going to do when some bad guy walks into your office, picks up your server and walks away with it?
People often overlook physical security when thinking about keeping their data safe. Well, they shouldn’t. Keeping your data physically secure is every bit as important as keeping it technologically secure.
Physical security starts with the server room. Your servers need to be in a locked room or cabinet with limited access, period. No shortcuts here. Putting your data in a closet with the printer paper doesn’t count. Only people that require server access should have access to the server room.
While we’re talking about server rooms, it’s not just for servers any more. All of your network equipment should be locked in here as well. Having your network switches or firewall out in the open is just inviting someone to plug their laptop in to see what they can see.
Don’t forget your backups. Whatever device(s) you’re storing your backup on needs to be locked up as well. As long as we are talking backups, let’s not keep your backups in the same room as the server. Where possible, try to store your backup in a separate locked room from your server. You know the old adage...something about eggs and baskets.
Let’s not leave workstations and laptops out. These devices are particularly susceptible to being physically compromised. It would be difficult, if not impossible, to keep all of your employees’ workstations under lock and key. So, what can we do? Well, we already determined you are using strong passwords for all users, right? If not, do that first. Go ahead, I’ll wait…Welcome back! With all devices protected with strong passwords, the next step would be to encrypt the hard drives in those devices. That way, even if a thief makes off with the entire computer, they cannot get to the data—even if the drive is removed from the computer. Laptops are especially vulnerable due to their small size and portability. You may want to consider a “phone-home” type service that can help locate, or possibly completely erase, a lost or stolen laptop. Did you know that IT Radix offers a service that protects company laptops that is similar to “LoJack” for cars?
So when you’re thinking about keeping your data safe, don’t forget to lock the front door!
First published in our November 2015 IT Radix Resource newsletter