Cyber Security is also Physical Security
The IP-enablement of physical devices is increasing in both the private and public sectors. Physical devices such as those that control access to buildings, air conditioning, and even soda dispensing machines are now controlled via an organization’s IT network.
The IP-enablement of physical devices, which is intended to increase operational efficiencies, also increases the importance of physical security as a component of cyber security. And so now is a good time to review some of the common sense principles and approaches to physical security.
Locking up and securing our personal and mobile IT assets is a physical level of cyber security that many people disregard. Something as simple as using a good old-fashioned lock and key system or a combination lock can thwart a cyber criminal who is looking for a quick, cheap hit. After all, what is better for a thief than quick and cheap?
For example, have you ever worried about having your mobile device stolen from your car while you run into a convenience store or rest room while the gas is filling in your tank? It’s not all that uncommon.
So what’s a simple solution? Take your device with you or lock it up in the glove box. After all, it contains not only valuable personal information but also likely contains apps or downloads which enable access to corporate assets such as email and sensitive files. If you take it with you there is nothing to steal. If you lock it up, it is not only out of sight, but it is in a secure location that would take time and effort to breach. Stealing your device is no longer quick, cheap, or attractive to a thief.
What about your laptop being left in your hotel room? Sure, you have a screen saver lock and/or CAC reader that locks the device upon your signing off so contracted cleaning personnel in the hotel cannot access your system while you are at the gym or meeting a colleague for dinner. Good to go, right?
But what about the threat of your entire laptop being stolen by someone gaining unauthorized physical access to your hotel room? You must be thinking, “Come on, man, this never happens. Those card-entry systems log exactly which cards (and by whom it is owned) are able to enter my room.”
Sure, they do just that. But what about someone who leaves his or her entry card unattended and has it physically stolen? It happens. The solution: Take your laptop with you in a bag or lock it up in the hotel room safe, gym locker, car trunk, etc, when you leave the room.
Again, if you take your laptop with you, there is nothing to steal. If you lock it up, it is not only out of sight, but it is in a secure location that would take time and effort to breach. Stealing your laptop is no longer quick, cheap, or attractive to a thief.
Still think the theft of your laptop from your room is unlikely? What if I were to tell you that I could gain access to your hotel room without even using an IT-enabled access card? I could enter your room entirely undetected after I see you leave your room in your gym clothes or your finest dinner attire? Check this out and tell me it doesn’t send a chill down your spine.
Maybe now you believe me. Or at least you’ll think twice before hurriedly dismissing common sense and the physical security of your personal and mobile IT assets.
Don’t enable thieves. Don’t make theft of your laptop or mobile device quick and cheap.