How to Bolster Data, Physical Security to Make Threats Go Elsewhere
eWeek (12/07/15) Rash, Wayne
Having adequate security requires organizations to think about the risks they are most likely to face and the resources they expect to have on hand. In addition to foreign hackers, risks could include someone sitting in the reception area who has connected via an Ethernet port and launches a man-in-the-middle attack on the Wi-Fi router. Organizations need to examine who would benefit if they underwent a disruption, such as a stolen server or a former employee connecting to the network to download trade secrets. Organizations also need to practice what security experts call “security in depth” or “defense in depth.” One expert recommends housing a server in a room with a solid door and a lock that requires a passcode to enter. An alarm should sound if the door is opened without the passcode or if someone enters the wrong code more than twice. Side doors or doors to the loading dock should be similarly equipped with secure locks and have alarms that go off if someone forces open the door, enters the wrong code, or if the door is propped open longer than a fixed time. The alarms should connect with the organization’s security control center, but if nothing happens, then they should automatically roll over to the police department. The receptionist should be an armed security guard who controls the locks on doors that lead further into the building, and unless someone shows the right ID or gets past the badge reader, they cannot enter.