I think one of the more underrated areas of security is the physical security of your technology. We tend to ask whether we are encrypting our data, using the right passwords, and using the most secure tools that are available to us. But we tend to forget that one of the easiest ways to have your information compromised is to just allow somebody else to have physical access to it. So it’s important that you think about the physical security of your devices and make sure that you’re protecting them in every way possible.
The easiest thing you can do is to make sure that your devices are locked and secured. If you’re using laptops or desktops, or if you have peripherals like an external hard drive, make sure that you’re using device locks. They’re inexpensive, $20 or $30, and they allow you to anchor the device to something immovable. And make sure it is something immovable. Don’t anchor it to a desk leg that can be lifted up, for example. That way, you know that nobody’s going to be able to walk into your office, or into a hotel room if you’re on the go, and just pick up your device and walk away with it. Keep in mind that this is how the vast majority of large security compromises happen: through lost laptops and lost devices. So make sure that you’ve got them physically secured.
For smaller, portable devices, like an iPad, thumb drives, or an external hard drive that you might use to move data from place to place, make sure that you have them locked someplace: a file cabinet, a file drawer, or a closet that locks, preferably one that has limited access to the key. If it’s a locked cabinet but everybody in the office has a copy of the key, that’s not quite as secure as the locked drawer that only you have a key to. Match the level of physical security to the sensitivity of the information.
You also need to be extremely careful about leaving devices unattended, particularly if you’re in a public place like a coffee shop or a library. Unfortunately, this is an all too common thing. I have had it happen to me personally all the time, where people will say “Oh, do you mind watching my laptop while I go up to get another coffee?” or something like that. Well, unfortunately, you usually don’t know the person that you’re asking that question at all, and you have no reason to suspect that they’re going to be trustworthy. They could walk away with your laptop. They could quickly plug in a thumb drive and install a piece of malware, or they could do just about anything. So don’t leave your devices unattended with people that you don’t know. Make sure that you’re just picking up the laptop and carrying it with you, or avoid those kinds of situations entirely if you can.
Obviously you need to worry about that in a coffee shop or someplace that’s public. But I would even worry about it in places that are more mixed use. Devices are stolen from offices all the time, especially if you’re visiting another office, or if you’re in a courthouse or something like that. You need to be really careful and make sure that you’re keeping a line of sight on your device at all times so that you know that nothing is happening to it, whether that is the device being stolen or somebody accessing it improperly.