Wednesday, May 19, 2010

Don't Forget Physical Security

Many business executives are concerned about protecting their sensitive data and intellectual property. They ask IT to address threats to these assets by implementing firewalls and anti-virus solutions to protect the organization's electronically stored information. What many executives don't know is that their major risks come from internal threats.

Employees already have a sign-on ID and password to the network. By having this basic information, your staff already has access to resources such as customer data and email. However, the greatest risk may be physical access to IT systems.

By having physical access to data centers, servers, backup tapes, laptop computers, flash drives, etc., employees can inadvertently, or on purpose, damage or destroy sensitive data. Contractors, service providers, and other personnel may also be granted physical access to sensitive data.

Altius IT recommends that a physical security review be performed on a regular basis:
  • The first step in the physical security review is an inventory of your assets.
  • Then determine who has physical access to the assets.
  • Evaluate access and the risk to the organization.
  • Make changes as appropriate.
In many cases, it may make sense to bring in an outside consultant who specializes in this area, both to protect your sensitive assets plus ensure that your organization is minimizing its legal liability risks. The International Association of Professional Security Consultants ( has many members that can assist you. Or, contact us and we'll refer you to someone who can help.