Feature

Cyber Terrorism

Combining physical and digital security to protect your business

In the past, relying on physical locks and security features was normal. There was no such thing as digital locking systems and CCTV was rather primitive. Today, things are completely different, and since the Covid-19 global pandemic there are now a whole new set of security needs due to the mass move to working from home.

This move has left many office buildings empty which has left them wide open to be prime targets for burglaries and break-ins. It is therefore important to combine both physical and digital security in order to ensure your business remains secure even if your office doors remain closed due to lockdown.

Ensuring a good mix of physical and digital security for maximum protection
One of the biggest problems that people face when protecting their business is their reliance on either physical security or digital security. Ideally, you should ensure a good mix of both. For instance, if you only have a digital lock protecting your doors there will be countless other ways for people to break in. They could then hack into your security solutions and trick them into opening doors with pre-programmed ID cards, or even by abusing security safeguards and backdoors.

However, it is also possible that you are relying too heavily on physical solutions and not making room for digital options. A good example of this is installing a traditional CCTV system that can only be monitored from within your office. Since many are now working from home, it is important to have a remote system that allows you to view camera footage from any location. This will give you peace of mind, your security systems will alert you whenever there is a potential intruder and allows you to manually look at the camera feed to see if you need to call security or even the police. Despite all this, certain devices will still need to be switched on such as network solutions and servers, and this makes offices a top target for thieves.

Work with the right services to ensure complete protection
To ensure complete protection and peace of mind, you should engage an emergency locksmith and security services to protect your business both digitally and physically. There are many different solutions for both, so it is important to mix them carefully to ensure your business is protected regardless of its circumstances.

For example, you may need to focus on how you are going to protect your networking solutions from online cyber criminals. Since you will need to keep your servers online to work from home, you may want to move your remote workflow away from your own office and instead use other cloud-based services that offer enhanced protection and security features. This will make it easier for you to personally manage and provide reassurance that there are experts looking after your data and ensuring that your business remains fully operational despite everyone working from home during the pandemic.

There are also many physical security risks to organisations as well as digital ones. Here are some of the more common ones, and how you can protect your organisation against them:

Physical Security Risk 1: Tailgating
Most offices have a type of access control such as a swipe-card access point or a locked door. While these physical security measures are good, they can be easily overcome by someone who is determined to gain unauthorised access to your premises.

Tailgating is the practice of an unauthorised person following an authorised person into a building or a secure area. This often happens as multiple people will pass through doors every day, and the people following behind will simply follow through to gain access, making it easy for an unauthorised person to get into an office building with no difficulty.

Tailgating can be limited with the right security measures, if you are willing to make the investment, as anti-tailgating doors can be installed which make this practice virtually impossible. Another way to reduce tailgating is by providing physical security training to your staff. It is far less reliable, but more cost effective. Your staff should also be encouraged to report any tailgating attempts they witness to security personnel.

Physical Security Risk 2: Document Theft
Papers and documents are likely to be lying around in many places from printer stations to desks. Sensitive and confidential documents can easily become unaccounted for and fall into the wrong hands. Even if they are not taken from the office, a visitor could have access to information that you do not want them to see.

The best way to prevent the accidental viewing of documents or the theft of them is to have a clear-desk policy in place. This means ensuring that staff all clear their desks and put all documents away at the end of a working day, which will make it less likely for confidential documents to be left in vulnerable places. Your staff should also shred all sensitive documents held by them when they are no longer required.

Physical Security Threat 3: Control Access to Visitors
It is impossible to keep a high level of physical security if you don’t know who was in your office at specific times. Visitors that are unaccounted for can pose a serious risk, as you will not be able to tell if they were there if an incident occurs.

Having swipe-card access or ID doors for access control is essential for the security of your organisation, and all visitors should be accounted for through visitor passes. By having this system in place, you will always be able to find out if a person within your office is authorised to be there, and you will also have a log of their entry to verify if needed. The caveat to this is that you should be careful that everyone actually uses the verification that they are authorised to use.

Physical Security Threat 4: Stolen Identification
If people are going in and out of your office using someone else’s identification, the end result is the same as if you had no control over the access to your office at all. Your staff should be educated about the importance of protecting their IDs or access cards. If training on this is not provided, many will share or lend each other their cards quite innocently without thinking about the security ramifications of this and making it much harder to properly monitor office building access.

Physical Security Threat 5: Social Engineering
Social engineering is one of the most challenging physical security vulnerabilities to overcome. These kinds of attacks come in many different forms, which makes them difficult to combat. They rely on the manipulation of your staff, often using information they have gained to impersonate someone else, or by abusing human empathy to gain access to secure networks and areas.

The ‘coffee trick’ is one of the oldest social engineering tricks in the book. It is a more sophisticated version of tailgating and involves a person holding a cup of coffee in each hand walking towards an office door. An unsuspecting employee who is passing nearby may then open and hold the door for them out of politeness, thus letting an authorised person gain entry to the premises.

There is no way to overcome all threats that are born out of social engineering, but to try and combat them, you should undertake a thorough physical security risk assessment and consider how someone could get past all the protections that you have put in place. Raising awareness through training about social engineering is key, as it will help your staff to understand the risks that it can pose, and to help them stay alert to any suspicious activity.

Build a strong physical and digital security culture
While sadly it is impossible to stop all attacks against your business, both physical and digital, by combining the two and raising awareness about physical and digital security among your staff you can encourage them to take an active stance in helping to defend their workplace. This is by far the most effective way to stay as secure as possible. You may think that your staff are you biggest threat, but they are also your greatest ally.

Lisa Ventura is an award-winning Cyber Security consultant and is the CEO and Founder of the UK Cyber Security Association (UKCSA), a membership association that is dedicated to individuals and companies who actively work in cyber security in the UK.

Lisa is passionate about raising awareness of being more cyber aware in business to help prevent cyber-attacks and cyber fraud. She is a thought leader, author and keynote speaker and has been published in various publications globally. In 2020 she was named CISO Magazine’s Infosec Superwoman of the Year, in 2021 she was named as one of SC Magazine’s ‘Top 30 Women of Influence in Cyber Security’ and has won numerous other awards for her work including SC Magazine’s ‘Outstanding Contribution to Cyber Security’ award.

Partners

View the latest
digital issue