Home > Physical Security
Workplace Safety

Physical Security

Business Email Compromise

Secure Florida's mission is to provide you with information and resources for protecting your cyber assets. However, we must always understand that any adequate computer security system begins with proper physical security.

The greatest firewall software in the world is not going to protect your data if your server is stolen.
In deciding on sufficient physical security, the goal is the same as with sufficient cyber security: try to make it so difficult to break in that the would-be criminal decides it's just not worth it. This is called “target hardening” — not only do you make it difficult to get to, but you also make it appear so formidable that no one even tries.

Every organization and building is different, with different security needs that may vary from office to office. Below are some options for strengthening the physical security of your office and your digital data:

  • Limit access to the premises. Depending on your organization, you may limit traffic into and out of your building to just employees, or limit access to certain parts of the building. It’s also a smart idea to further physically limit who has access to sensitive equipment, like servers and other critical equipment. This can be done in several ways, such as good locks on doors and key cards or coded locks to gain entry.
  • Protect your most valuable equipment behind closed doors. Identify your most important and vulnerable equipment and put it in a locked room away from where someone with malicious intent might get to it. In addition to servers, other terminals might give a bad actor access to sensitive information and should be placed in a secure area with limited access.
  • Use surveillance. Cameras are a good deterrent when they’re visible. Not only that, but in the unfortunate event that there is a security breach, cameras and recording equipment can help identify the perpetrator as well as identify security holes to be addressed.
  • Consider case locks. Hard drives and other sensitive equipment cannot be removed from a computer with a case lock without a key. If your organization uses laptops, consider using cable locks to secure laptops to a desk so that they cannot be removed.
  • Disable drives. If you have sensitive information that you would not like to have taken off of your servers or saved to a removable disk, consider disabling USB and disk drives on users’ computers.

Remember, depending on your organization’s needs and structure, some of these tips might apply or you may need more. A security assessment can point you in the right direction and identify security gaps. It’s important to remember that the physical security of a building holding your data is just as important as the antivirus protecting it from hackers.