Are You Making This Huge Data Security Mistake?
Everyone knows how dangerous online hackers are. From leaked celebrity photos to massive retail store breaches, we know we need to keep our data safe when we’re online. When it comes to keeping data from falling into the wrong hands, it’s easy to assume that the biggest threats are the ones you can’t see.
However, while electronic threats like malware, brute force attacks, zero-day exploits, phishing, and more are certainly very real, they are not the only threats you need to be concerned about. Hacking attacks might get a lot of attention, but data loss due to physical security breaches is also common. Without the right security measures, it’s entirely possible that a criminal could gain access to your network and steal your data simply by physically accessing one of your machines. A lost laptop, an unlocked server room, an unattended desk — all of these could lead to a serious and costly data breach, no hacking required.
No Security Equals Major Losses
If you aren’t convinced that physical security is important for protecting networks and data, consider these recent incidents:
- In 2006, an employee of the Department of Veterans Affairs took home a laptop containing the personal information — including names and Social Security numbers — for more than 26.5 million discharged veterans. The laptop was stolen from the home, potentially exposing that information.
- In 2013, 45 percent of all data breaches involving protected health information (PHI) were due to stolen computers. The largest PHI breach last year, which exposed just over 4 million records, was due to the theft of four desktop computers from an office space.
- Thefts of laptops from cars and offices within the University of California system have exposed personal data from more than 250,000 people, including students, participants in UC research studies, and blood donors.
These are just a few of the largest data breaches from the past few years, but they show that cyber criminals don’t always have to resort to complex methods for stealing data. Sometimes, they just need to walk right through the door and take what they want.
Physical Security: Who Has Access to Your Stuff?
A physical security plan is a vital part of your overall IT security plan and should be treated with the same care and urgency as your electronic security. To that end, consider the following as part of your security plan:
Strict Employee Policies. Because so many of the largest data breaches are due to stolen laptops and mobile devices, it’s important to have strict policies in place regarding which machines can leave the premises and with whom, as well as the capability to remotely lock or wipe devices in the event of a theft. It’s also important to limit access to sensitive data via mobile machines.
Two-Factor Authentication. In the wake of high-profile data breaches such as the recent Heartbleed Bug, two-factor authentication is gaining traction as a viable means for protecting data even in the event that a criminal accesses a username and password. Require employees to use two-factor authentication to access their machines or protected data. Two-factor authentication should also be used to protect your physical premises, or at the very least, server rooms. An ID card and password, for example, add an extra layer of protection.
Secure Colocation. In many ways, opting to work with a colocation center to store your servers is a more secure option than storing them onsite. Secure colocation allows you to defray the costs of physical security while still protecting data via 24-hour monitoring (in some cases, by armed guards), controlled access, and in most cases, a nondescript appearance that does nothing to indicate the wealth of data stored inside.
Biometrics. Many companies shy away from using biometric technology to control access to data, but advances in the technology have made it more affordable and easier to use than ever before. Biometric scanners can provide a layer of protection that’s exceedingly difficult to penetrate, making them the ideal choice for controlling access to server rooms or as a second factor in two-factor authentication.
These are just a few ways that your company can control the physical access to data and prevent a serious breach. Of course, in many cases, simple, common sense techniques are the most effective. Remind employees to close programs and lock their computers when leaving their workstations, for example, and to avoid leaving vulnerable information out in plain sight where a criminal could pick it up. When everyone takes security seriously, and all of the risks are considered, the chances of a serious data breach decrease significantly.
The following article is from one of our external contributors. It does not represent the opinion of Benzinga and has not been edited.