4 Tips for Implementing Physical Security

Posted on April 26, 2019 - by Darren Gallop - in Building Your InfoSec Program

In our world of online information security, most of the time people are thinking about passwords and server protection. While these are obviously very important things to be thinking about, one huge part of security is being overlooked; physical security.

Small businesses are really not thinking about physical security. Even when managers do think about physical security, they’re not entirely sure how to implement a strategy into their business. We are working in modern times where shared workspaces are a reality for many new businesses. Models like WeWork are changing the way people go to work every day.  

So securing workstations and devices is becoming more and more difficult. But here are a few strategies that can be implemented today:

Define Physical Assets
Take an inventory list of the physical assets that need to be secured. Things like laptops, printers, servers, filing cabinets, etc. Any physical object that stores data critical to the business.

Risk Assessment
Once that list is complete, now it’s time to assess all of those assets. What is stored on/in those assets and any potential negative impact if they are compromised. Have that conversation with your security team will give you an idea of which assets need to be moved to the top of the priority list.

Remove and Consolidate
During the process of defining your physical assets, you may realize that there are things like five computers that nobody is using that are storing data or a server that isn’t being used anymore. Look for opportunities to consolidate, or remove, these items to simplify operations.

Secure Assets
Looking back on the “risk assessment” step you will know which assets will hurt you the most if they are compromised. Implementing common physical security controls around these assets will strengthen your security posture. Things like door locks, lighting, security cameras, safes, and secure storage cabinets. Also, make sure that you are not leaving devices with sensitive data out in the open when you are traveling.

About the author

Darren Gallop is a tech entrepreneur, information security expert, Techstars alumni, board member, and the CEO of Securicy. He co-founded Securicy and led the team to develop a SaaS product that guides businesses through creating, implementing, and managing their information security and privacy compliance program. Gallop previously co-founded Marcato and was CEO there for 10 years, until the successful event management software company was acquired by Patron Technology. He is fluent in English, French, and adept in Spanish. Gallop spends much of his non-work time traveling or engaging in the outdoors. Swimming, fly fishing, canoeing, camping, and surfing (basically in that order). He is from Nova Scotia, Canada.