Headlines are often made by firms that have been hacked by "elite" cybercriminals. These events sound high tech, sophisticated, and interesting. The truth however, is almost always an amateur attacker chancing their luck with an unpatched security hole or bad password. Physical break-ins affect businesses far more commonly and cause much more damage, but get talked about far less.
Similar to technology hacks, most physical security threats come from criminals that chance their luck on businesses that look poorly secured. On a rare occasion, they may strike a business owner that has forgot to lock up or failed to set the security alarm.
By breaking in, these criminals exploit poor physical security to cause damage and steal valuables. Typically, by destroying or taking critical assets, a criminal may make a few hundred in profit while the total damage done to the business is counted in the tens of thousands.
While most IT security packages act automatically and always remain on, physical security needs to be made a daily habit and require periodic updates.
Threats Starting from Within
Every business should have secure locks protecting their doors. Many use an alarm system to add protection to valuable assets. However, there are common threats that neither of these can protect you from. How would your business be protected if the attack came from within your firm?
A disgruntled employee, or even a former employee, can do an enormous amount of damage to a business. Attacking their own business, an employee can likely do more damage during the day than a criminal could breaking-in overnight. Misplaced trust in the wrong individual can result in devastating consequences.
Employees typically have access to one of your business's most valuable assets: data. A criminal may steal computer hardware to sell on for quick cash because most don't fully understand the value of the data stored on it.
When an employee leaves your company, it's important to take stock in what ways they had access to the premises. Door codes should be revoked or changed and, if necessary, key locks should be swapped to ensure that any potential access the now ex-employee may have no longer works.
This goes even for employees you part with on good terms. That employee may not think twice about tossing their access key into the trash or the piece of paper they had the door code written on. That type of carelessness can lead to major headaches for you down the road.
Physical Security Heists
For criminals who do understand the value of data; physical security can be the weakest spot in a business’s armor. In 2013, media streaming service Vudu suffered a break in where criminals stole server hardware to obtain credit card information stored within.
A technology savvy streaming firm is highly likely to have up-to-date IT with excellent security measures. Thieves looking for easy cash recognized that the best way to get to the data was through their comparatively weak physical security.
The best security packages in the world are completely ineffective if the keys are left in the door and physical hardware is easy to remove. This challenge of securing your data can be made even more difficult when using a location that must remain open to the public.
In smaller towns, the risk is even greater as there is a much higher likelihood less attention is paid to security. This is because many these tight-knit communities simply trust that nothing will happen to them because they're out of the way.
Securing Your Business with Good Security Practices
Keeping your customer data safe is one of the most significant responsibilities small business owners take on. It requires a duty to employ the best possible security practices to keep your customers safe. For a customer to have the trust to use your business over the competition, they have to see their concerns put to rest.
Locking down data access for employees so they can only view and edit what is strictly needed, protects both customers and the business against many kinds of damage; both accidental and malicious. Limiting device access, such as disabling USB ports to thumb drives or storage devices, helps to prevent data being copied and carried offsite.
Physically locking down a server in the location it sits is one of the best deterrents available to prevent against theft. Locked server racks are an excellent piece of physical security that works on top of the building security already in place.
Good physical security is an ongoing process but it is one that should definitely not be overlooked. If your company conducts quarterly or yearly reviews of it's workings and processes, consider putting physical security on that list if it's not already there.