anilahir490
Newcomer I

Safety of your physical assets and premises

Hi,

 

I'm Anil Ahir. I am looking to enhance our physical security measures at work and would love to hear about your experiences. What are some effective strategies you've implemented to ensure the safety of your physical assets and premises?

 

 

Thanks
Anil
Software Engineer
6 Replies
denbesten
Community Champion

Issue door badges/keys to everyone, keep the outside doors locked and have a strong corporate policy condemning workplace violence.

 

There was a fistfight at my company many years ago.  Everyone who threw a punch was terminated immediately for cause.  The protocol is "run, hide, fight".  Those claiming self defense were reminded that they should have first tried running away.

 

ericgeater
Community Champion

Agreed.  Badge access and good key management are effective.  And thus fences, bollards, and other fixtures which resemble CPTED.

And while this is actually a technical control, account lockout after X idle time is also useful for people who wander away from physical workstations.

I would be interested to hear if anyone has a plan or design for things which are intended to walk off, like laptops and smartphones.  It may be an administrative control, but I'm a fan of "out of sight, out of mind" behavior.  Don't use company property in conspicuous or public places.  Don't store company equipment in the cab of your vehicle, but always in the trunk or boot.

-----------
A claim is as good as its veracity.
JoePete
Advocate I

This is also a good topic to integrate into your security awareness training. Employees might not pay full attention to lectures on passwords, phishing, and WiFi, but everyone's ears seem to perk up when you talk about personal safety. It also turns security awareness from corporate training into employee benefit.

 

One of the things we always emphasized was the buddy system. Some of this goes to CPTED (avoid isolated offices, especially near stairwells and exits) and ensuring an employee and their resources aren't left alone. But a large part goes to encouraging employees who see something or someone out of place to call or engage another employee. The manipulation of social engineering is much harder to execute against two people rather than one.

ericgeater
Community Champion

The manipulation of social engineering is much harder to execute against two people rather than one.

 

This is a very good point, @JoePete.  I do a "touch-and-go" cybersecurity briefing for new employees, and I emphasize the importance of relying on one's colleagues.  Don't reply to a questionable email.  Walk to their desk, or at least place a call.  Don't just demonstrate interest.  Cultivate interest.

 

Thank you.  I just added a new slide to the deck.

-----------
A claim is as good as its veracity.
denbesten
Community Champion


@ericgeater wrote:

I would be interested to hear if anyone has a plan or design for things which are intended to walk off, like laptops and smartphones. 


BitLocker, Find My iPhone and remote wipe are my go-to tools.  Of course I am in security, so I care about the data, not the device itself.  That problem belongs to finance.

 

Don't store company equipment in the cab of your vehicle, but always in the trunk or boot.

Also, put it in the trunk before you leave, not when you arrive at the destination.  You never know who might have witnessed where it was stashed.

Caute_cautim
Community Champion

@denbesten @ericgeater If it is a corporate mobile phone, it is normally tied to a Mobile Management System (MMS), which, upon instruction upon notification to Security, means that if it is accessible, it gets automatically wiped, so it just becomes a hunk of metal and an empty shell.

 

Laptops - encrypted by default; if one is stolen, they need the certificates and login information etc. in order to access the system.  Once again, if it is a corporate system and it is accessible, an instruction goes out to wipe it directly.  So once again, it becomes a hunk of metal.

 

From a storage perspective, it is encouraged to use remote online storage such as Box as a means of synchronisation of data, which can then be used for restoration if required at a later date.

 

Regards

 

Caute_Cautim