Physical Security Leads to Cybersecurity

Workplace Physical Security Is an Essential Component of Cybersecurity: 11 Ways to Better Protect People, Devices, and Data

Theft that takes place inside the workplace is more common than many people think. From within your own building, opportunistic thieves could steal computers, valuables, and even employees’ identities. That’s why experts recommend that companies strengthen their physical security practices—such as monitoring entry points and locking up hard copy files—to better protect data and equipment. Learn these 11 ways employees can help boost workplace security, plus 5 considerations for HR and facilities teams.

Better Physical Security Can Lead to Better Cybersecurity

When considering how to bolster your organization’s cybersecurity, the first thing that comes to mind may be technical solutions like firewalls and encryption. But experts say, in reality, most data thefts are more mundane, and a thief is just as likely to steal a device from inside your building as they are to hack into your network from another continent.

The profile of an office thief can vary widely —from a desperate employee to a seemingly innocent visitor to a member of the cleaning staff. Savvy criminals may even pose as legitimate service people, such as a utility company representative, in a type of social engineering in which a criminal attempts to steal as soon as an employee is distracted.

Common things stolen from the workplace are items of value (mobile phones and laptops), items of convenience (pens and office supplies) and, perhaps most frightening, company and employee data. Thieves may access data by stealing an entire computer, by moving the information onto a more portable drive, or even by infecting a device with malware so that it can be accessed at a later date.

Your employees’ identities could also be at risk in the workplace through the theft of a wallet or bag, or even confidential documents on the printer.

11 Employee Practices to Better Physically Protect People, Devices, and Data

It’s not all bad news. Employees can help organizations maintain and even improve both physical security and cybersecurity. Here are 10 best practices to consider for your employees.

Safeguard entry points - Employees should help monitor and control who enters the workplace and never share access codes or keys. Experts warn that employees need to be wary of “tailgating,” which is when a criminal takes advantage of an employee holding the door open for the person behind them.
Be vigilant about visitors - All employees should be trained on the proper procedures for handling office visitors. One option is to use the buddy system for all visitors, which could mean requiring employees to escort their visitors in the office at all times. Employees should be encouraged to check the identity of any unaccompanied visitors and escort them back to the appropriate host employee.
Maintain physical control of devices - Criminals are opportunists and often watch for unattended devices, so it’s best for employees to keep mobile devices such as laptops and smartphones with them at all times. Consider using the additional protection of a security cable for laptops to affix them to the desk.
Lock up valuables - Employees should lock purses, wallets, keys, and any other sensitive or valuable items safely in a drawer or cabinet when they are away from their desk or workspace.
Use the clear-desk policy - Consider instituting a clear-desk policy that encourages employees to lock up documents and devices when they aren’t being used. It’s also a good idea for employees to log out of their computer whenever they leave their desk.
Use safe printing practices - Encourage employees to promptly collect any documents from printers and copiers.
Secure sensitive hard copy files - Consider storing all of the company’s paper files that contain sensitive information in a locked cabinet or room. This rule should also apply to any electronic drives or devices in which sensitive information is stored.
Shred documents - Sensitive documents should always be shredded before they are thrown away or recycled.
Report facilities problems - Empower all staff to report any broken or faulty doors, windows, and locks to facilities personnel as soon as possible and to never assume someone else has reported the problem.
Report suspicious activity - The US Department of Homeland Security advises employees to always report suspicious behavior in or near the workplace, including recording and monitoring activities, suspicious people loitering near the business, or extensive questioning by an individual.
Know the response plan - All employees should know the steps to take if equipment or data is lost or stolen. The Federal Trade Commission provides more information on creating a response plan in its guide, Data Breach Response: A Guide for Business.

5 Additional Considerations for HR and Facilities Teams

Experts say one of the best ways to prevent office theft may be to hire the right people. Assuming that is always the goal, below are additional considerations to help create better physical security in your workplace. You may want to consult with your insurance company or local crime prevention officer for additional physical security recommendations for your organization.

Strengthen access controls - Depending on the size of your office, more secure access control could be as simple as a strong lock for your single-point entry or as high-tech as a PIN-entry system or facial recognition.
Issue ID cards - ID cards provide an easy way for reception or security personnel to more quickly monitor everyone entering the building, and it also makes anyone without an ID card more noticeable as they move around the office.
Consider surveillance - Video surveillance can certainly help record a security incident if one occurs, but experts say it also has a psychological impact. Visible cameras and signage can often help deter office crimes.
Create a security culture - Experts say that one of the most important things HR teams can do for an organization’s physical security is to ensure that employees take security seriously. Regular training sessions can help emphasize the importance of good security practices and remind employees how they can contribute to a safer work atmosphere.
Conduct an annual physical security assessment - Experts recommend conducting a physical security assessment on a yearly basis to identify changes in the environment and update technology and practices accordingly.

More Security Resources

The US Department of Homeland Security provides a guide to Protect Your Workplace in terms of both physical security and cybersecurity.
The Federal Trade Commission provides more information on creating a response plan in its guide, Data Breach Response: A Guide for Business.
For more information on protecting data while employees are traveling or working remotely, read 14 Tips for Better Cybersecurity for Road Warriors.