Blog / Cybersecurity Isn’t Just About Computer Contents
It also means keeping them physically secure.
When most of us think about cybersecurity, we typically think of things like changing permissions, installing security software, having good passwords, and so on. In fact, it’s easy to get bogged down in the technical minutia, especially because cybersecurity does have plenty of technical aspects to it. But there’s a lot more to it than just how you manage your software.
One aspect of good cybersecurity that’s not quite as well known but still generally understood is having good policies and procedures. Password policies to enforce minimum password complexity are fairly common and generally useful. However, they’re also often looked at as simply an aid to the technical controls. For example, people can complain about, and get an exception made, to Windows passwords settings if there’s no official rule/policy to lay things out (people will do that if they can).
This presents cybersecurity as a set of official rules that are put in place to curb bad behavior, with technical controls that you can fiddle with afterwards to enforce those rules. Then you can just slap in a couple of safeguards like backups for when things go wrong, and you’re done, right? Well, no. While controls like password policies being enforced by software settings are important, there’s another aspect that is often overlooked.
It’s the physical side of things. Having truly good cybersecurity also means paying attention to things like:
- Displays in open area, such as a lobby or reception desk, which should only be viewable by the employee. Hopefully the potential for a breach when anyone can walk in off the street and see confidential information is obvious
- Secure areas, such as server rooms, should be separately and fully secured, not simply relying on a building’s existing security. What that additional security is should be specific to the use case, but the point is that “secure” areas actually need additional protection. Otherwise they’re just an area.
- Computer and office layouts, which should be configured so that computers can’t be easily accessed but can be easily monitored, not just sitting in an office space where anyone walking by could easily slip in a USB device or take a snapshot of a screen.
Managing physical aspects of your cybersecurity like the examples above and adjusting for them is also an important part of your overall cybersecurity strategy. Remember that bad actors can still compromise computers even without malicious downloads or phishing emails. Jus being able to watch someone type in their username and password can be enough for someone to gain illegitimate access to your data. Keeping computers and the information secure means you need to look at everything about the whole situation.
In that vein, I’ll turn to that most famous of plays, Macbeth for this week’s bit of Shakespeare; “And you all know, security is mortals’ chiefest enemy.”
If you’d like help evaluating your overall cybersecurity profile, including physical dangers and office layout, contact one of TRINUS’s cybersecurity experts today and discover for yourself the value of stress-free IT.
Be kind, courtesy your friendly neighbourhood cyber-man.