Cybersecurity

Data protection isn't just about firewalls. It's about brick walls too

A Department of Homeland Security worker listens to U.S. President Barack Obama talk at the National Cybersecurity and Communications Integration Center in Arlington, Virginia, January 13, 2015. REUTERS/Larry Downing (UNITED STATES - Tags: POLITICS SCIENCE TECHNOLOGY CRIME LAW MILITARY) - RTR4LBMO

The National Cybersecurity and Communications Integration Center in Arlington, Virginia. Image: REUTERS/Larry Downing

JLL Staff Reporter

Outwitting hackers with sophisticated software makes for the stuff of spy novels. But in the real world, simple physical security measures also have a huge role to play to keep critical data in the right hands.

That’s not to dismiss the need for some technical wizardry in the digital age. Cyber-attacks have increased in both frequency and intensity in recent years, with the average cost of a data breach up 23 percent since 2013.

Experts say, however, that many of these breaches could be prevented, with good old fashioned physical security. After all, an unauthorized visitor, a contractor or less-than-loyal employee is much better positioned to steal sensitive information than a high-tech hacker a thousand miles away. And a lot simpler to stop.

 Global number of cyber security incidents (in millions) by year
Image: Financial Times

“With the focus on anti-virus software, access controls and other forms of automated information security protection, it’s tempting to be lax about physical measures,” says Bill Todd, Senior Facility Manager, JLL. “Yet, a few smart moves can go a long way toward fending off harm to an organization. It’s important to fight cybercrime both in the virtual world—and in the actual facilities where the information is stored or accessed.”

Buildings designed to be secure

One strategy is to design the workplace with security in mind. Separating the reception or elevator lobby from workspace, for example, limits access to areas containing sensitive data.

“For multi-floor corporate tenants in large office buildings, keeping a locked door between the elevator lobby and the workplace has become a standard practice,” says Todd. “Where possible, it’s also smart to keep high-visitation areas, such as conference rooms, on a separate floor from access points to highly sensitive data.”

Data centers and telecom closets should also be subject to video security; highly sophisticated cameras are more affordable than in the past, and can serve two valuable functions. First, their very presence will deter would-be wrongdoers who prefer an easier target. Second, cameras allow for a forensic review if incidents do occur and make it easier to catch the culprit.

Controlling access to restricted areas is a must. State-of-the-art security measures such as smart cards, tokens, or biometric scans which record the identity of each person who enters not only keep outsiders outside, but also prevent access by employees who have no business being in areas containing sensitive data. For extra security, encrypted security badges are preferable to simpler electronic badges that can be stolen during an elevator ride or standing in line for coffee.

Managing facilities to maximize security

Even sophisticated safeguards to keep intruders out are not the be-all and end-all of the physical protection of an organization’s sensitive data. That’s mainly because such systems often can’t keep a determined insider from stealing a hard drive or a password written on a sticky note attached to a computer.

“Given the number of passwords we all use each day, it’s no wonder that it is a common practice for employees to keep them visible and near the equipment they use,” says Todd. “Facility managers can help enforce a clean-desk policy that not only keeps passwords secure, but also helps prevent theft of sensitive printed information left out in the open.”

Todd suggests that even the most sophisticated organizations may overlook these simple, low-cost measures—that facility managers are uniquely positioned to make happen:

  • Don’t leave computers unattended in unsecured areas. An unauthorized intruder can use any computer connected to a network to access information. Vulnerable computers include workstations in the reception area, at unoccupied desks or in empty offices. Equip computers that must remain in the open with technology like smart cards or biometric readers to limit access.
  • Disconnect or remove computers that aren’t being used. Even in secured areas, an unused computer can present a risk. When an employee is out on vacation or out sick, their desktop computer should be secured. If the computer is in an office, lock the door.
  • Use case locks to prevent hard drive theft. Some of the most highly publicized data breaches have resulted from hard drive theft or theft of an entire computer. A related step: disable USB drives and optical drives to prevent unauthorized downloads.
  • Keep printer areas clean. Many offices have a shared printing and copy room, where busy employees may inadvertently expose sensitive information in unneeded print-outs. Again, facility managers can reduce risk by enforcing proper disposal of documents.

The sharpest criminals have an eye for physical weaknesses in a workplace. Building in security measures and controlling employee habits around data security can help an organization stay in control of who sees sensitive information.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Future of Work

Related topics:
CybersecurityJobs and the Future of Work
Share:
The Big Picture
Explore and monitor how Future of Work is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum