Security Articles

All Posts

7 Steps for Crisis Management

 

Globally, organizations spend hundreds of billions of dollars every year to protect mission-critical digital investments and protect them from outside cyber threats. Organizations should adopt all of these best practices as they are essential to their success. Despite this, physical security is one element of security often overlooked or undervalued by many organizations. 

 

Physical security is a vital business practice with numerous objectives, including protecting intellectual property and preventing workplace violence. Implementing, improving, and maintaining each component of the organization's physical security program are essential factors in its success. 

TC_SecurityPlan_CTA

Let's go over the 7 steps for crisis management.

1. Establish Physical Security Perimeters 

Providing security at an organization's facilities should include the use of barriers, card-controlled doors, and manned reception desks. This is especially important for areas with sensitive information or for data processing or management systems. A physical access request and approval should always be required before access is granted to data centers or other high-risk areas. Doors and windows of rooms housing information systems should be locked at all times when left unattended. Taking external measures is also an essential part of safety, especially for offices and other locations below ground level. 

2. Implement External and Environmental Threat Protection 

Among other forms of environmental or human-made disasters, every organization should consider protection against damage from fires, floods, earthquakes, explosions, civil unrest, etc. Information systems and employees can be protected by defining such controls. Fire detection and alarm systems should be installed as soon as possible, and suitable fire suppression systems, like sprinklers, should be in place throughout the facilities and inside secure areas with information systems. To detect water leaks or possible flooding, water detection devices should be installed on raised floors as well as in dropped ceilings. Install, maintain, and verify that all master shutoff valves work properly to protect information systems from damage caused by water leaks. 

3. Provide for Safe Equipment Placement and Protection 

Systems and devices containing sensitive information should be kept in secure environments. Equipment should be protected and secured to minimize the risks of environmental threats and hazards. The performance capabilities of supporting utilities will be affected by adding new infrastructure devices, servers, or other systems and tools. An enterprise security professional should evaluate their tools and utilities before installation to ensure any new infrastructure or other hardware devices can be supported. Wireless access points, gateways, network equipment, communications equipment, and telecommunication lines should all have physical access limitations. 

4. Manage Supporting Utilities 

Electricity, natural gas, water supplies, sewage, heating, ventilation, and air conditioning (HVAC) are some of the utilities that must support the various systems and personnel. An electrical supply that meets equipment manufacturer specifications is necessary for these utilities. Uninterruptible power supplies (UPSs) can safely and adequately shut down critical business equipment. It is essential to install emergency lighting and regularly check its operation before a power outage occurs. Data centers and equipment rooms should have emergency power-off switches to allow a rapid power-down in case of an emergency. 

5. Provide Security for Power and Telecommunications Cabling 

Those cables that carry power, data, and telecommunications should be protected against interference, interception, and damage. To reduce the risk of handling errors, enterprise security teams should mark all cables clearly and precisely, so they cannot be accidentally unplugged or moved. Its facilities should control physical access to its information system distribution and transmission lines. To avoid unintentional errors, take the time to label and organize cables properly. By addressing cabling today, countless issues can be avoided tomorrow. 

6. Secure Information Assets While Off-Premises 

Information assets belonging to an organization, such as computers, peripherals, paperwork, reports, software, etc., should never be taken offsite without prior consent. All laptops should be encrypted fully. Regardless of where they are located, information assets belong to an organization. Family members and friends should not be allowed to use these assets. The improper viewing of information by unauthorized audiences poses technical risks and possible risks to the confidentiality of data contained on devices. The staff should take responsibility for all actions performed on or related to the information assets that are assigned to them and should be held accountable for those actions. 

7. Protect Physical Media in Transit 

It is crucial to protect information-containing media from unauthorized access, misuse, and corruption when the media are transported outside of an organization's physical boundaries. Offsite transfers of media should be encrypted. All media that goes outside an organization should be inventoried. Offsite archiving or long-term storage providers should be required to submit an inventory regularly if an organization uses its services. A provider's security controls must also be tested at least annually. 

Robby Coles
Robby Coles
Robby Coles is a born and raised Nashville, TN resident. He has been a marketing content writer for the past 14 years and has recently joined the Thinkcurity team as a Content Marketer. He enjoys writing compelling content that drives engagement. Robby is a wine enthusiast and dog dad that splits his time between Nashville, TN and Vienna, Austria.

Related Posts

What We Learned from the Physical Security Trends Report

As a leading provider of security workforce management software, Trackforce Valiant & TrackTik ran an annual survey report to help our industry partners maximize employee retention and profitability, and take advantage of trends and best practices affecting the security industry.

6 Ways to Improve Company Culture

Nearly 33% of employees in the U.S. are considering quitting their jobs, while 25% have actually resigned over the past six months, citing “toxic company culture” as their No. 1 reason for leaving, according to research by FlexJobs. Company culture is the personality of a company. It makes some companies more fun to work for, and others less so. The best companies are always looking for ways to improve their company culture so that it attracts top talent and keeps employees happy for years to come. But how exactly do you achieve this? Here are seven ways to improve your company culture. 

Selling Guard Service to the Government - A License To Hunt

Government agencies have mandates for large businesses to subcontract a percentage of their contracts to qualified small businesses. Additionally, the Government has numerous programs specifically designed to afford small businesses an advantage over their larger competitors, better known as “set asides.”