Some businesses will spend large amounts of time and money on encryption software and firewalls but then neglect the physical security of their business. Physical security is often overlooked, and the impact of a physical breach can be the same as that of a computer breach.
One of the most common occurrences during a physical breach is an unapproved person walking into a restricted area, gaining access to sensitive systems and information, and walking out without being stopped. Sometimes they will manage to get into server rooms, install remote access devices or even walk out with storage such as hard drives that contain sensitive information.
Effective security measures such as CCTV cameras, security guards, personnel badges, keypads on doors and alarmed doors can definitely help in preventing a physical security breach.
First line of defense for a business
However, one thing that is often not considered is the personnel of a business. The reality is that the first line of defence for a business is its employees. Social engineering, the act of tricking people into providing confidential information or access, is one of the most common ways that criminals will target a business. The reason is that it’s easier to dupe an employee into providing access than to use force.
Investing in training and employees’ wellbeing can establish a culture of awareness and community in which employees are happy to be part of a team, making them not only security aware but also loyal and less likely to be the internal weak link. However, it’s important to highlight that spending a large amount of money on physical security controls cannot ensure that they are performing as designed if they are not tested correctly and on a regular basis.
It is not uncommon to find security controls in place that can be easily evaded, systems that are incorrectly set up and can be bypassed, and alternative access routes where security hasn’t been implemented correctly. Security is an ongoing process, and it’s important to have a plan in place to carry out regular check-ups that ensure the physical security and the employees of a business are all up to date.