Gretel Egan | April 01, 2015

Risky Business: Lax Physical Security

Last updated: January 15, 2019



For the most part, physical security measures are relatively low-tech safeguards that can pay big dividends with regard to protection of people, assets, and systems. Then why do so many organizations and employees overlook these measures or take them for granted?

Physical security is tightly linked to cybersecurity. How? Consider the ramifications of a server room door being left ajar. Or what might happen if an imposter posing as a maintenance worker gained access to critical systems. Or the implications of a lost device that contains sensitive information. Security awareness training can help to prevent these types of actions from happening — and the breaches that could occur as a result.

Many organizations, small businesses in particular, forgo the expense of physical access controls such as card readers, receptionists, security guards, and visitor logs, leaving themselves only partially protected on this front. If you’re not fully protected, you’re gambling not only with the security of your networks, assets, and intellectual property, but with the safety of your employees. You’re also taking a high-stakes risk with your reputation. Should a breach happen within your organization and it come to light that basic physical safeguards were not in place, senior managers and C-level executives are likely to face significant scrutiny and costly ramifications.




Three Physical Security Practices to Implement Today

If you are being lax about security controls, you are putting your business at risk. Physical safeguards aren’t just for prevention; proactive measures like surveillance footage and access logs can also aid in investigations following a security incident.

But you should also take a people-centric view of physical security by making employees aware of the processes and procedures they can follow to better protect themselves and your organization's assets. Our interactive training module about this topic is designed to help your end users understand their roles in maintaining a safe, secure workplace. Here are three simple, effective practices to require of your employees today:

  • Never share access credentials – Employees should never lend their access badges, key fobs, or security tokens to coworkers or outsiders. Credentials, log-ins, and passwords must maintain a one-to-one ratio in order for audit trails and access logs to be effective and useful.  
  • Be strict about the security of business areas – Other than open-access, public spaces — like lobbies — virtually every part of a workplace is a restricted area. Individuals should not be given undocumented access or wander unescorted through hallways and offices. With highly restricted areas — like server rooms and research labs — it’s critical that access be limited to as few individuals as possible and that employees take extra measures to ensure doors remain locked and that unapproved individuals are denied entry.  
  • Be vigilant about devices and data – With mobile devices, your organization’s data and systems are on the move. Your employees need to ensure that smartphones, tablets, and laptops are secured at all times. It takes just a moment for a thief to snatch up a device left unattended in public. Security is important in the workplace as well; all devices should be password-protected, and computers and systems should be locked when not in use. These measures help prevent unauthorized access to confidential data and systems.
