Globally, organizations spend hundreds of billions of dollars every year to protect mission-critical digital investments and protect them from outside cyber threats. Organizations should adopt all of these best practices as they are essential to their success. Despite this, physical security is one element of security often overlooked or undervalued by many organizations.
Physical security is a vital business practice with numerous objectives, including protecting intellectual property and preventing workplace violence. Implementing, improving, and maintaining each component of the organization's physical security program are essential factors in its success.
Let's go over the 7 steps for crisis management.
1. Establish Physical Security Perimeters
Providing security at an organization's facilities should include the use of barriers, card-controlled doors, and manned reception desks. This is especially important for areas with sensitive information or for data processing or management systems. A physical access request and approval should always be required before access is granted to data centers or other high-risk areas. Doors and windows of rooms housing information systems should be locked at all times when left unattended. Taking external measures is also an essential part of safety, especially for offices and other locations below ground level.
2. Implement External and Environmental Threat Protection
Among other forms of environmental or human-made disasters, every organization should consider protection against damage from fires, floods, earthquakes, explosions, civil unrest, etc. Information systems and employees can be protected by defining such controls. Fire detection and alarm systems should be installed as soon as possible, and suitable fire suppression systems, like sprinklers, should be in place throughout the facilities and inside secure areas with information systems. To detect water leaks or possible flooding, water detection devices should be installed on raised floors as well as in dropped ceilings. Install, maintain, and verify that all master shutoff valves work properly to protect information systems from damage caused by water leaks.
3. Provide for Safe Equipment Placement and Protection
Systems and devices containing sensitive information should be kept in secure environments. Equipment should be protected and secured to minimize the risks of environmental threats and hazards. The performance capabilities of supporting utilities will be affected by adding new infrastructure devices, servers, or other systems and tools. An enterprise security professional should evaluate their tools and utilities before installation to ensure any new infrastructure or other hardware devices can be supported. Wireless access points, gateways, network equipment, communications equipment, and telecommunication lines should all have physical access limitations.
4. Manage Supporting Utilities
Electricity, natural gas, water supplies, sewage, heating, ventilation, and air conditioning (HVAC) are some of the utilities that must support the various systems and personnel. An electrical supply that meets equipment manufacturer specifications is necessary for these utilities. Uninterruptible power supplies (UPSs) can safely and adequately shut down critical business equipment. It is essential to install emergency lighting and regularly check its operation before a power outage occurs. Data centers and equipment rooms should have emergency power-off switches to allow a rapid power-down in case of an emergency.
5. Provide Security for Power and Telecommunications Cabling
Those cables that carry power, data, and telecommunications should be protected against interference, interception, and damage. To reduce the risk of handling errors, enterprise security teams should mark all cables clearly and precisely, so they cannot be accidentally unplugged or moved. Its facilities should control physical access to its information system distribution and transmission lines. To avoid unintentional errors, take the time to label and organize cables properly. By addressing cabling today, countless issues can be avoided tomorrow.
6. Secure Information Assets While Off-Premises
Information assets belonging to an organization, such as computers, peripherals, paperwork, reports, software, etc., should never be taken offsite without prior consent. All laptops should be encrypted fully. Regardless of where they are located, information assets belong to an organization. Family members and friends should not be allowed to use these assets. The improper viewing of information by unauthorized audiences poses technical risks and possible risks to the confidentiality of data contained on devices. The staff should take responsibility for all actions performed on or related to the information assets that are assigned to them and should be held accountable for those actions.
7. Protect Physical Media in Transit
It is crucial to protect information-containing media from unauthorized access, misuse, and corruption when the media are transported outside of an organization's physical boundaries. Offsite transfers of media should be encrypted. All media that goes outside an organization should be inventoried. Offsite archiving or long-term storage providers should be required to submit an inventory regularly if an organization uses its services. A provider's security controls must also be tested at least annually.