With stories of computer security breaches filling the news nearly every week, most small business owners are very aware of how important it is to protect their IT network. There are additional considerations for the physical office environment that can often get overlooked and expose an organization to data loss.
Here is an easy place to start: review the positioning of the monitors in your office. If they’re visible from a lobby or office corridors, anyone walking by could get access to sensitive information on the screen. If your screens are visible through a window, a powerful camera could be used to record the data on the screen. Turning monitors so they face interior walls is the easy fix for this issue. If turning the monitors is not an option, you can pick up privacy screens that are fairly inexpensive.
Do all your users always log off their machines? Be sure that a screen lock policy is set so that when users forget to log out or step away for a break, machines automatically lock after a set amount of time.
Remind employees to not post their passwords at their desks. A sticky note with a password on a monitor basically defeats the purpose of having a password. Another issue can be using pictures, objects and other personal desk items as passwords. Remind your team that making their password “paris” when a photo of the Eiffel Tower sits on their desk may not be the best choice.
Check your conference rooms. Most companies rightfully focus on external security but can remain vulnerable to an attack from inside their office. Ensure that the network connections in the conference room are properly segmented from the rest of your network. Without this division, someone who simply plugs into an outlet can bypass the majority of your security measures.
What happens to all your old tech when you upgrade? Unused phones, tablets, laptops and even scanners and printers are often parked in a storage room where anyone could remove the old devices — and the data that is often still stored on them. Locking all your devices inside secure areas is a simple best practice to follow. Limit access to the old equipment and record anything that goes in or out. If you must dispose of them, be sure to use an eco-friendly recycling facility that also provides certified data destruction.
Are your server and other network devices physically secured? Make it a policy that the server cabinet (or room) is always locked when no one is working on the equipment inside. If the servers need to be placed in a common area, like a storage room, it’s important to have a way to lock the door of the server cabinet. If there is a monitor attached to the servers, a lockout policy should be set so it’s never left open.
USB thumb drives cause two main problems for security. The first is protecting the data stored on them. If it’s necessary for employees to use USB drives to transport files, consider using drives with preinstalled encryption. You may also add software that protects data during the file transfer process.
The other threat posed by USB drives is that they are frequent attack points. Add a requirement to your security policy that any USB drives used at work must be purchased from a reliable source. Hackers often install viruses and other malicious code on USB drives and rely on employees who receive a “free thumb drive” to introduce the infected files to a business network for them.
If USB drives are not necessary, then it’s a good idea to configure your machines to prevent access. Depending on your network, this can be done via Active Directory or at the individual machine level.
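One way to check the screen lock policy and the USB storage restriction described above on a single Windows machine, as an added PowerShell example that is not from the original post: it only reads the standard Windows registry locations for these settings and changes nothing. The function names and the 15-minute limit are assumptions.

```powershell
# Added example: read-only audit of one Windows machine. Changes nothing.
# Assumption: 900 seconds (15 minutes) is the longest acceptable idle time before lock.
$MaxLockSeconds = 900

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-UsbStorageBlocked {
    # USBSTOR driver start type: 3 = loaded on demand, 4 = disabled
    $start = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    # Group Policy "All Removable Storage classes: Deny all access" sets Deny_All = 1
    $deny = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All'
    [pscustomobject]@{
        Check  = 'USB mass storage blocked'
        Pass   = ($start -eq 4) -or ($deny -eq 1)
        Detail = "USBSTOR Start=$start; Deny_All=$deny"
    }
}

function Test-AutoLock {
    # Machine-wide policy "Interactive logon: Machine inactivity limit" (seconds)
    $machine = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'
    # Per-user Group Policy screen saver settings (stored as strings)
    $ssKey   = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $timeout = Get-RegValue $ssKey 'ScreenSaveTimeOut'
    $secure  = Get-RegValue $ssKey 'ScreenSaverIsSecure'

    $byMachine = ($null -ne $machine) -and ($machine -gt 0) -and ($machine -le $MaxLockSeconds)
    $byUser    = ($secure -eq '1') -and ($null -ne $timeout) -and
                 ([int]$timeout -gt 0) -and ([int]$timeout -le $MaxLockSeconds)
    [pscustomobject]@{
        Check  = "Auto-lock within $MaxLockSeconds seconds"
        Pass   = $byMachine -or $byUser
        Detail = "InactivityTimeoutSecs=$machine; ScreenSaveTimeOut=$timeout; ScreenSaverIsSecure=$secure"
    }
}

# Run both checks and show the results as a table
@(Test-UsbStorageBlocked; Test-AutoLock) | Format-Table -AutoSize -Wrap
```

A failed check means the setting was not found in these policy locations; a lock timeout that exists only in a user's personal screen saver settings is not counted.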
Contact Marathon today to learn more about our onsite audits and how to improve the security in your office.