Let’s Get Physical

“Dad, the house alarm went off!”

This is not great news at any time of day, but it’s especially unnerving when your 11-year-old daughter wakes you up at midnight to share it with you.

But something didn’t seem quite right. Whenever the house alarm had gone off before, there was absolutely no doubt what was happening – it sounds like a firetruck is driving through the living room.

In any case, I was now awake. So I jumped out of bed and went downstairs to investigate, no doubt casting an intimidating presence in my underwear.

Nothing found. I checked the alarm panel again. No problems indicated.

But then, as I went to look in on my already-fast-asleep daughter, a story started to form. I looked out her bedroom window at the neighbor’s house. Sure enough, all the lights were on – she must have heard their alarm!

Physical Security is a Contact Sport

You won’t be surprised to learn that here at Fractional CISO, most of our thought and attention is focused on digital security … things that, for the most part, can be evaluated, applied, tracked, and fine-tuned from a computer, anywhere in the world.

But, as with your home, physical reviews are equally important for ensuring the security of your business.

Of course, 50 years ago, when nearly all your company’s assets (other than financial) were physical in nature, this would have been obvious. Nobody needed to be reminded to lock the doors and keep the valuables out of plain sight.

Today, however, with cybercrime incidents so frequently in the news, it’s easy to neglect the physical part of the equation. The truth is, most businesses don’t seriously consider physical security until something bad happens.

That’s a mistake. We have clients that make or assemble things, often resulting in hundreds of thousands (even millions) of dollars of inventory on site. And yet, in many cases, the layout and processes involved in moving product and people in and out of the facilities are conceived with ease of manufacturing and transportation in mind – not protection.

And it’s not just businesses that make things that need to stay vigilant. Any business that lets people onto its premises – contractors, delivery people, HVAC specialists, guests, etc. – needs to consider and reduce its physical vulnerabilities.

Simple Fixes Go a Long Way

As the title of one of my recent presentations emphasized, “It’s Not Rocket Science!”

Yes, there are a lot of things to evaluate. But someone with a good eye for detail can do a fair assessment by walking around the facilities (including the outside), taking photos of notable items, reviewing access logs, examining drawings of the building, and asking questions regarding security procedures overall. Having a look at your facility from above through Google Maps can also reveal weaknesses that might otherwise be missed.

Of course, you could spend lots of money on gates, locks, alarms, advanced technology, and even on-site human guards. But you can probably find things that can be corrected with small investments of time and resources.

For example, we had a client whose entrance to the outside was a single glass door. Everyone who walked by had an unobstructed view of lots of valuable equipment. Another client had a poorly lit parking lot in a part of town that was mostly deserted after hours. The fact is, in nearly all my physical security reviews with clients, I see obvious ways in which a bad guy could gain entry.

Fortunately, you don’t need to be James Bond to recognize and correct many of these things. In the two client examples above, better lighting, a few security cameras, and a door that can stand up to more than the swing of a hammer go a long way.

Other simple fixes – moving critical servers from the closet in the breakroom to the cloud, for example – are also worth considering.

Start Now

Ultimately, the decision of what needs doing will come down to assessing the trade-off between experiencing a loss and the cost/effort in prevention. To do that, you’ll need to start by taking a good look around to see where you may be vulnerable.

Don’t forget your pants!


Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.

This article originally appeared on the Fractional CISO blog.

Stephanie Schor

Senior Assistant Attorney General, advocate for clear writing, artist, singer, mother of two 20-something engineers, and my sidekick’s dog-mom

1 month ago

We fired one of our electronic discovery providers because a thumb drive was taken from their [clearly un]locked evidence room by a contractor. Our CIO and CISO take security very seriously.

Bill Richardson

vCISO, Security Practice Leader and HITRUST Assessor with Healthcare Experience at Assured SPC

1 month ago

When I started in this business, a long time ago, physical security was security.
