We use cookies on the site to improve our service. By clicking any link you are giving consent for use of cookies. Click here for more information

Physical Security

Physical security is equally important as online security in protecting your computers, business and employees against crime. This page covers physically protecting your equipment and data not only from theft, but also from fire, flood and accidental damage.  

The Risks   

Computer and Data Theft

If your computer equipment is not suitably protected, it is easy for criminals to either steal data or infect your computers and network without needing online access – or to steal or damage the equipment itself. In spite of the sophisticated online methods now used by criminals, it is still easier to access the computer by entering your premises.

Firstly, if your premises, home office or other premises where computer equipment is kept is not adequately secured, the way is left open for criminals to gain access by breaking in. 

Another common way they can enter your premises is by masquerading as a supplier – for example a photocopier engineer or utility company representative. It does not take long for criminals to achieve their objectives once you have been tricked or distracted. 

Physical Damage

Like everything else in a business, computer equipment is vulnerable to damage from fire, flood and accidental damage. However, the consequences can be devastating because of the data you have stored on it.

Keep Your Computers Safe

  • Keep doors and windows locked.
  • Keep sensitive hard copy records locked away if possible.
  • Fit an intruder alarm, with unique codes for each employee.
  • Fit bars or shutters to vulnerable windows.
  • Use CCTV to deter intruders and record incidences of criminal activity.
  • Consider using computer locking cables on individual desktop machines. 
  • Keep a fire extinguisher suitable for use with electrical equipment, near your computer.
  • Take care how you dispose of packaging that might advertise that you have new equipment.
  • Consult with your insurance company or local crime prevention officer for additional security advice.

Visitors to your business:

  • Be vigilant about granting access to any visitors, and escort them where appropriate.
  • Vet contractors and support personnel.
  • Restrict access to sensitive areas, such as server rooms or HR records.
  • Encourage staff to challenge unescorted strangers in secure areas.

Additional Advice for Laptop Users

  • Employees should keep laptops and other mobile devices with them whenever possible. When unattended – for example in a hotel room or meeting room – they should keep them hidden or physically locked up. Laptops and other mobile devices should be carried in hand baggage on an aircraft or coach. 
  • Laptops and other mobile devices should never be left on a vehicle seat. Even when the driver is in the vehicle, their device could be vulnerable when stationary (for example, whilst parking or at traffic lights).
  • Ensure your employees use padded bags to carry their laptops. Many laptops are broken simply by dropping them.

Servers & IT Infrastructure

  • Keep servers and network equipment in a locked room and control access to it.
  • Server and networking racks and cabinets can also be protected by individual locks. 
  • Disable unused network ports.
  • Locate equipment to minimise risks from fire and flooding as well as theft. 
  • Keep a fire extinguisher suitable for use with electrical equipment, near your computer.

Hard Copy Records

  • Use lockable filing cabinets.
  • Maintain a strict shredding policy.
  • Have a ‘clear-desk’ policy so that employees lock up sensitive papers when they are not working on them.
  • Encourage users to pick up their documents from printers, faxes and photocopiers promptly. Where available, use the secure print feature. 

Stolen or Lost Equipment

  • If you learn that passwords have been stored in a document on a stolen or lost PC or laptop, or the ‘remember this password’ box has been ticked on a website, ensure any passwords are changed as soon as possible after the theft or loss.
  • Notify the Police (or if the theft or loss has occurred on a train, the British Transport Police) and obtain a crime or loss reference number for tracking and insurance purposes.

Limit the Impact of a Theft or Loss

  • Make a note of all IT equipment serial numbers to enable reporting if stolen.
  • Security mark computers and other high-value items.
  • Never store passwords on computers.
  • Ensure computer equipment is adequately insured.
  • Back up data (see Backups for more information).

 

See also...

 

Data Loss Prevention
Your data is one of your most important assets. Keep it safe.

Remote and Mobile Working
Keeping connected away from the office must be secure. Here’s how.

Data Protection Act
The Act carries serious obligations. Make sure you comply. 

Information Access Management
Control who has access to what business data.

Business Continuity & Disaster Recovery
How to maintain ‘business as usual’ if things go wrong.