With so much attention focused on securing networks, preventing phishing, and avoiding ransomware attacks, the physical side of security sometimes goes overlooked. However, it's crucial not to overlook the significance of physical security in safeguarding sensitive data. Even in the modern-day where seemingly everything has an internet connection, we must remain vigilant against physical threats to our information!
Keeping a Clean Desk
It might not seem like a security risk, but a messy desk could lead to accidental data leaks, especially if you work with hard copies of sensitive documents like student or staff records. These simple practices can significantly enhance desk security:
- Lock away sensitive data when not in use - Keeping your files locked away in your desk is an easy way to make sure that sensitive information doesn't fall into the wrong hands.
- Always properly dispose of documents - A practice called dumpster diving poses a threat as it allows malicious actors to steal confidential information by retrieving documents from trash bins. Secure document disposal practices like shredding or using designated disposal services can protect information from unauthorized access.
- Never write down your password on a sticky note - You'd be surprised how many people leave their passwords written in easily accessible locations. Doing so can lead to easy password and account theft. This is especially bad if you use the same password for multiple accounts!
- Lock your workstation when not at your desk - It's as easy has pressing the Windows Key + L on your keyboard! This quick action can ensure no one can mess with your digital files or accounts while you're away from your desk!
Dangerous Removable Storage
Imagine finding a USB flash drive in a lobby or parking lot. How tempting would it be to insert that drive into your computer and see what’s on it? Attackers know this temptation is universal, and intentionally create malicious, portable storage devices to drop in places where they will be found. Plugging in an infected thumb drive could compromise the entire district and is no different than clicking a malicious link in a phishing email.
Unplugged Threats
Hacking doesn’t always require a computer - there’s also the non-technical side; the unplugged threat posed by people who use old-school techniques to physically gain unauthorized access. Let’s explore what those threats entail and how you can prevent them.
Tailgating
Hacking doesn’t always require a computer - there’s also the non-technical side; the unplugged threat posed by people who use old-school techniques to physically gain unauthorized access. Let’s explore what those threats entail and how you can prevent them.
Shoulder Surfing
Imagine someone on an airplane reviewing documents that contain sensitive information. How easy would it be for anyone sitting near that person to see details like full names, financial information, and email addresses? This unfortunately common scenario highlights the importance of discretion. When in public, it’s best to avoid accessing or discussing anything confidential.
Piggybacking
It’s polite to hold doors open for people, but it could also be a potential security incident. A scammer might dress up as if they’re a member of an organization and claim they don’t yet have a badge, so they need you to open the door for them. They “piggyback” off your access. It’s not much different than giving someone else your username and password.
Dumpster Diving
Don’t underestimate the willingness of data thieves, some of whom have no shame in digging through trash or recycle bins. Their hope is to find documents that contain confidential information or discarded smart devices where the data hasn’t been properly erased. Be sure to properly dispose of any physical documents or assets that contain sensitive data.
