It’s time to take physical security seriously
The USB stick is a common tech accessory that you’d find in most homes and nearly every office. Lightweight and easy to use, they are the perfect portable storage medium. Many of us depend on these sticks to transfer information between devices and store them as we shuttle about different locations.
By Marcus Harvey, Sales Director EMEA at Targus
However, not many of us stop to think about how easy it is to lose or steal these nifty flash drives. One misplaced USB stick is all it takes to result in costly and potentially devastating, consequences for its owner.
Heathrow Airport found this out the hard way when it lost a flash drive containing the sensitive personal information of up to 50 security workers, as well as a training video that exposed the names, dates of birth and passport numbers of a further ten.
The loss of this little data stick racked up an eye-watering £120,000 fine for Heathrow from the Information Commissioner’s Office, proving that data really is worth more than its weight in gold.
Getting the basics right
Significant as fines for data loss incidents can be - up to four percent of global turnover in the case of GDPR - it’s arguable that the reputational damage from a major breach is even worse. So why are businesses not doing more to protect the physical security of corporate devices?
For all the money spent on antivirus, threat detection, encryption and other security measures, physical protection remains the Cinderella of cyber security. No-one denies that it’s important to protect corporate networks and endpoints from unauthorised access, but why do so few organisations take the necessary steps to prevent device theft or 'shoulder surfers' who need nothing but good eyesight to read sensitive data off the screen?
In 2018 businesses spent almost $100bn on information security, even though the proportion of global firms that experienced breaches rose in the same year. It’s not that businesses are wrong to invest in logical security systems - far from it. It’s rather that many are neglecting some very simple and highly affordable measures that would have a major impact on their ability to protect against data breaches.
Keeping secure on the move
Perhaps it’s no surprise that physical safeguards are taken far less seriously than cyber security measures. Invisible threats seem more insidious and mysterious - the mystique of a North Korean hacker stirs the imagination far more than a light-fingered thief or a snooping shoulder surfer on public transport.
But no less an authority than the FBI cites laptop theft as one of the world’s top three computer crimes. Meanwhile the cost of letting someone read sensitive information off your screen - perhaps a rival from a competitor company sitting behind you in Business Class - is impossible to quantify.
Businesses need to teach their employees to take better care of sensitive data when they’re on the move. Without proper awareness, employees may be putting themselves and valuable corporate data at risk without realising. This is a matter of education, of course, but will also involve a small outlay on physical security devices.
Privacy screens are an affordable and effective way of protecting data from prying eyes. By massively reducing the angle from which the monitor is viewable, privacy screens ensure that sensitive data and documents can’t be seen by anyone but the user.
Businesses can also help their employees to guard against hardware theft by issuing them with cable locks to be used whenever they are away from their device for more than a few seconds. It’s astonishing that we seem to take more care of an old bicycle than we do for a device that may cost several thousand pounds and which could contain data worth immeasurably more.
A worthy investment
Physical security measures, as effective as they are, can only go so far in helping businesses protect their valuable corporate data.
Businesses who are serious about their security must ensure that these measures are accompanied by robust employee education. Every business traveller must be aware of the potential threats to corporate data - be it physical or otherwise.
Data breaches can cost businesses thousands of pounds. Perhaps more costly than that is the loss of trust and brand reputation, that can take years or even decades to rectify.
Compared to the far-reaching consequences of easily-preventable breaches, the amount of time and money needed to make a real difference to security is negligible. When data is worth far more than gold, it makes sense to treat it accordingly.