What is a physical cyber asset?
Cyber assets are simply programmable electronic devices or pieces of communication network software.
Many people assume that the only risks of cyber exposure are spam, phishing, and malware. However, cyber assets can also be compromised physically. It is important to have at least a basic knowledge of the various types of cyber assets in order to protect your company and its data.
1. Secure company facilities
The physical security of a facility depends on a number of security decisions. It is easy to think about physically securing your company’s facility as merely an exercise in maintaining control of access points and ensuring there is complete visibility in areas that are determined to be high-risk. However, maintaining facility security also includes the physical environment of public spaces.
For example, employees whose computers have access to sensitive information should not have their monitors oriented towards publicly accessible spaces. Employees should also be aware of the risks of writing login information on pieces of paper and leaving them out on their desks. Even more importantly, easy-to-grab equipment that could contain sensitive or personal information should be located away from public areas.
If you are storing extremely sensitive information on a laptop, it is worth installing tracking software. Most tracking software programs run unnoticed in the background and allow stolen computers to be located more easily. Finally, it is worth considering implementing a badge identification system for all employees. You should train employees to stop and question anyone in the business area without a badge.
2. Minimise and safeguard printed materials with sensitive information
The most effective way to minimise the risk of losing control of sensitive information from printed materials is to minimise the number of printed materials that contain sensitive information. Establish procedures that limit the number of copies of printed reports, memoranda and other material containing personal information.
Safeguard copies of material containing sensitive information by providing employees with locking file cabinets or safes. Make it a standard operating procedure to lock up important information. Train employees to understand that simply leaving the wrong printed material on a desk, in view, can result in consequences that impact the entire company and your customers.
3. Ensure mail security
Your organisation’s mail system can introduce a wide range of potential threats to your business. Your center’s screening and handling processes must be able to identify threats and hoaxes and eliminate or mitigate the risk they pose.
Managers should understand the range of screening procedures and evaluate them in terms of your specific operational requirements.
4. Dispose of rubbish securely
Invest in business-grade shredders and buy enough of them to make shredding convenient for employees. Similarly, businesses should employ a trusted shredding company that will provide locked containers for storage until documents are shredded. Develop standard procedures and employee training programmes to ensure that everyone in your company is aware of what types of information need to be shredded.
5. Dispose of electronic equipment securely
Be aware when emptying the recycle bin on your desktop or deleting documents from folders on your computer. Taking this measure may not permanently delete the information from your hard drive. Those with advanced computer skills can still access your information even after you think you’ve destroyed it.
Disposing of electronic equipment requires skilled specialists to ensure the security of sensitive information contained within that equipment. If outside help, such as an experienced electronic equipment recycler, is not available or is too expensive, you should at a minimum remove computer hard drives and have them destroyed.
6. Train your employees in facility security procedures
A security breach of customer information or a breach of internal company information can result in a public loss of confidence in your company and can have devastating consequences for your business.
In order to address such risks, you must devote your time, attention and resources to the potential vulnerabilities in your business environment. Security training should be stressed as critical and reinforced through daily procedures and leadership modelling.
It is essential to establish procedures along with training your employees to physically protect your company. Protecting your company’s cyber assets will allow for a secure working environment for you and your employees.
Your company must take these simple yet effective measures in order to ensure you are at less risk of being affected by physical exposures. Would you trust a company with your data if they weren’t taking essential precautions? We wouldn’t!
If you are looking for additional information or sample workplace policies, please contact your CyberBee representative.