This is a guest article written by Ralph Goodman. The author’s views are entirely his own and may not reflect the views of IT Governance.
When it comes to network security, many businesses do not consider the physical security risks. Your network exists largely as a nebulous ethereal set of connections, but there are anchor points for those connections. Servers, hard drives and desktop computers store vulnerable information that can still be accessed in person. These physical security breaches can significantly threaten your business network. Here is how.
1. Server room access
Many businesses still have a server room. This is the physical nexus of your business network. If someone has access to this room without authorisation, your network is extremely vulnerable. When there are layered security measures offering your server room further protection inside your business, it can be easier to see if the area is accessed. Without locks on the server room doors or surveillance footage, however, it will be difficult to know if the hardware was sabotaged.
With physical access to the server room, criminals can do an immense amount of damage to the network. Remote access can be set up so that the criminals will have access to the servers and their information at any time; backdoors can be left for all types of remote viewing and even control; information can simply be loaded onto a third-party device. When someone breaks into your business, the servers are a tremendous vulnerability. With access to the servers, the criminals can access your entire network.
2. Damaged equipment
Even if nothing is being uploaded or downloaded onto a server or a desktop computer, these items may still be damaged. Data can be lost, the company may need time to replace equipment, and all of these issues are going to result in downtime. While you are getting your network back up, the business is losing money. There is the cost of replacing equipment, but there is also the time spent not being able to conduct business.
You would be extremely lucky to have nothing damaged in a break-in. Criminals’ frustration and carelessness can very easily lead to broken equipment. In fact, damage is the most likely result of a physical security breach. The simplicity of this type of harm to the network means it has the lowest barrier to entry. Not everyone knows how to install spyware or ransomware, but anyone can smash an appliance.
3. Hardware theft
When criminals are not breaking your expensive things, they are taking them. Chances are your servers will not be targeted for this type of attack. Desktops and hard drives are more likely targets for theft, due to their size and assumed value. Theft has very similar results to damaged equipment, except that sensitive information stored on the stolen equipment may also be accessed.
Stolen hardware needs to be replaced, but the data on it may be lost if it is not stored on a backup. This opens the business up to the theft of company, customer, partner and employee information. When it cannot be replaced and it cannot be accounted for, there is an apparent and inferred threat to what remains of your network.
4. Greater access to passwords
Passwords and other information that can give criminals later access are extremely vulnerable. In a physical security breach, a password can be gained from a stolen computer that was logged in or has a password saved onto it. Passwords may also be written down on paperwork or in documents stored on a desktop.
5. Business reputation
Your business network is not just confined to the connection between two or more computers, it also extends to the bonds you have made with customers and business partners. It is the network your business has built. When there is a physical security breach, it can be hard to detect what was taken or lost. You will have to deliver messages warning the people whose information you have stored, and you may not be able to give them any real peace of mind.
When your system is attacked remotely, it is easy to know that your data was the target, but a physical security breach is not as clear-cut. The vague nature of what happened and what was stolen can hurt your standing in the eyes of the people who trust you. You may not really know what was targeted or stolen. In the business world, “I don’t know” is rarely an acceptable answer.
The solution to these threats is to shore up your vulnerabilities. In the same way that cyber security can stop cyber criminals, physical security can stop regular criminals. Having locks within your building is very important. It creates multiple barriers to entry. The locks should be high quality and designed to withstand both violent entry and surreptitious methods of entry (lock picking, bump keys, shimming, etc.). Make sure that the lock installation is done correctly, as obvious physical security weaknesses present a greater possibility of internal threats. Network security takes more than just cyber security, so make sure you are as protected as possible.