Physical Security to Combat Computer and Data Theft
How NIST 800 Standards Can Keep Your Computer Safe
Recently the government passed a requirement: small businesses supplying contractors to the Federal Government must ensure that they protect Controlled Unclassified Information (CUI). This information includes financial and medical information about their employees, financial records about contracts, patents and trademarks, and other information. If revealed to competitors or hackers, CUI could harm the company or its employees. These companies need to audit their cyber security processes, people, and technologies to ensure that adequate protections are in place to keep this information secure.
The National Institute of Standards and Technology (NIST) developed a checklist of controls and practices that facilitate the audit process: NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication consists of 14 control families that help provide a defense to protect the confidentiality, integrity, and availability of the information stored, processed, or transmitted.
But what about the individual at home? NIST SP 800 can educate the home user on procedures and tools that will make home systems more secure. These recommendations include the use of inexpensive or open source tools, external devices, and procedures that you can easily incorporate into your daily routine to protect your information. These lessons do not tell the reader how to implement these controls or practices – you can find these instructions on YouTube. Instead, these lessons provide a roadmap of ideas to make your system more resilient to hackers. These lessons follow the NIST control guidelines. The first lesson of this series covered access controls, the second covered cyber awareness and training, and the third covered configuration management controls. Today we will discuss the fourth family of controls: physical security controls.
What is Physical Security?
Physical security controls are usually in the realm of “gates, guns, and guards.” However, if you are working from home or are a “road warrior” for your company, you will not be protected by armed security guards or a perimeter fence. Within your house, there are several physical controls you should consider – but on the road you need controls that protect the data itself and the laptop or tablet.
Security at Home
If you travel and have a desktop workstation within your house, then you should have some type of perimeter defense system. Multiple suppliers of protection systems can alert you in the event of intruder access. These include ADT, Guardian, Protect America, SimpliSafe, and Vivint. Most systems produce an audible alarm, which may encourage the intruder to leave the premises. Some systems even have smoke and heat sensors to detect fire. You can deduct the cost of these systems as a business expense.
Indoor Security Camera
The cost of security cameras has decreased dramatically in the last five years. An affordable security camera costs under $50.00; simply plug it in within the room that has your desktop or laptop. While this will not prevent a loss of equipment, it will help identify the individuals who stole your equipment.
Outdoor Security Camera
Of course, the best security is one that prevents a potential intruder from getting access. There are multiple entrance camera systems that alert you (or anyone else you trust) in real time via your cell phone if someone approaches your doors. These systems usually have battery backup so, even in the event of a power failure, these devices will continue to operate.
Create a Dedicated Workspace
While many independent contractors believe they can conduct business at the kitchen table, the best practice is to dedicate a room in the house for work and to install a lock on its door. You only need a simple key lock, as the purpose is to prevent invited visitors, such as family members, from entering. An ambitious intruder will simply kick down the door.
Safe and/or File Cabinet
There are just some things that need to be printed. Buy a locking file cabinet for any legal or business documents that you want secured. Look for a cabinet that has a flat bottom and at least one inch between the floor of the cabinet and the file drawer. Fill this space with lead weights until you can no longer lift or push the file cabinet. The object is simply to make the file cabinet an unattractive target to steal.
On the Road
After you have made your home office more secure, let’s discuss securing your business data when you are on the road. Remember, you are your own CEO, so ultimately you have the responsibility to be as safe as possible when you are online – both at home and on the go.
Install Tracking Software
Install tracking software on your laptop, tablet, and phone. Over 90% of stolen laptops are not recovered. When deciding what application to purchase, look for the following features:
- Ability to lock and/or wipe the information on the device
- Ability to use the built-in camera to take a photo
- Ability to activate an alarm on the device to alert the thief of tracking
- Ability to send a message to the device to alert the thief of tracking
Install VPN Software
Installing VPN software allows you to use public Wi-Fi safely. The VPN provides an encrypted tunnel so that your information is not exposed to others sharing the Wi-Fi signal.
Privacy Screen Shield
A VPN is a great security control – but what about the people around you? They could easily be reading your screen. Many screens are readable from 120-160 degrees, so a snooper can be several feet away to the side and still have access to the information. Purchase a polarized privacy screen shield to prevent anyone not directly in front of the screen from viewing information.
Cushioned Travel Bag
Carry your laptop in a cushioned travel bag. I had the misfortune of being in a minor traffic accident on the way to a client site. During the accident, my laptop slid off of the passenger seat and hit the console. This damaged the laptop display, and the cost of the repair far exceeded the cost of a good travel case.
Identify Your Belongings
Know what you own. Carry a business card with the serial number, make, and model of the laptop, tablet, and/or phone that you use for business. While this is a last-ditch effort, it could help retrieve your items in the event of theft. For a small fee, you can have your corporate logo printed on adhesive paper and attach these to the back of your devices. This won’t prevent theft, but it will make your items more easily recognizable.
If you are often on the road, invest in a security cable. When you leave your hotel, place the laptop in the bag. Then, lock the bag (or at least the compartment with the laptop in it), loop the cable through the handle on the bag, and then over the clothes bar in the closet. Most laptops now come with a security slot which allows a security cable to be directly connected to the laptop. In this case, simply loop the cable around any fixed object in the room and then connect it to the laptop.
The most important concern is protecting the information on the laptop, tablet, and phone if these items are stolen. This will be covered in the blog about media protection, which will discuss ways to protect Data at Rest (DAR).