In the world of bits and bytes, the act of stopping hackers and preventing unauthorized access to data can seem like the highest information security priority. But physical security of electronic information is just as important—and often overlooked. It’s not uncommon for organizations to spend lots of time on information security only to leave rooms with servers and workstations unlocked—allowing anyone to wander inside.
Any city—even a smaller city—needs physical security for its onsite technology. Don’t make it too easy for a disgruntled employee or member of the public to damage or access information from a server or computer. Your liability greatly increases when you lack good physical security for your technology.
So what do you need to do? Physically lock down and prevent unauthorized access to your technology through the following best practices.
In many cases, this will be a room with servers that contains some of your city’s most critical information. You need to house any machines with sensitive data in a locked room. For example, that means not housing servers in an office where employees sit at their desks. Employees should only access a server room through some kind of barrier (or locked door) via a key, key fob, or key card.
Only authorized people should access any rooms with servers or other sensitive electronic information. Create clear policies that outline which employees, contractors, vendors, and visitors may access these rooms. You also need policies about how you terminate access so that ex-employees or former contractors can’t continue to enter these rooms.
We all make mistakes. But with physical security mistakes, you need policies that mitigate risks from any possible data breaches. Let’s say someone misplaces a key fob and it might get into unauthorized hands. Your policy may outline procedures for deactivating the lost key fob, which is much quicker and easier than changing the locks on a door.
In addition to controlling how people enter and exit rooms containing sensitive technology, think about the following physical access procedures:
In case of a disaster, you want to have important physical security protections in place such as:
Taken as a whole, these best practices will lock down your technology and make it difficult for a physical data breach to take place. Plus, these best practices also help with non-human disasters such as fire, flooding, or power outages.
Original Date: 10/20/2016