The physical side of cybersecurity

 The physical side of cybersecurity – an introduction to physical security and some ‘hard’ recommendations.

Introduction

In a time when cybersecurity is elevated to an absolute necessity for organizations that otherwise weren’t overly concerned with it, one area of concern that is sometimes overlooked is physical security. Yes, physical security is part of cybersecurity! Here we will discuss why physical security is essential in your organization, what it might look like, and how it may positively impact your security stance.

Note that due to the size and complexity of this topic, this will be the first of at least three (3) posts. The first post describes what the topic means, the first steps, and physical (i.e., ‘hard’) security measures. The second post will cover contingency/continuity planning, and the third will cover heating, ventilation, and air conditioning (HVAC) topics. We will link each post to the others.

What do we mean when we use the term ‘physical security?’

ISC2 defines the purpose of physical security as “to protect against physical threats.” While the word ‘physical’ tends to lead many to think of tangible objects, such as doors and walls, in the case of cybersecurity, it also connotes protections used to secure physical items such as data storage drives and environmental controls. 

What is the first step toward ensuring physical safeguards are in place at our facility?

Whether your organization is building a new facility or entering an existing one, the measures required to put physical security safeguards in place will differ. For instance, if your facility already exists (perhaps you are leasing a warehouse or part of an office building), you will be constrained by the physical, environmental, and space conditions that exist within the structure. If you are designing a new facility, you can plan and engineer your security based on more flexible considerations.

Both situations require a firm knowledge of each organization’s space, funds, and security needs. With this information, your facilities engineers and staff can work together to secure your organization’s assets as best as possible.

What are some physical (hard) security measures that we should consider?

Physical security measures that are ‘hard’ are systems that create barriers or limitations to access to your assets: cement, windows, lighting, security officers, roads, fences, etc. Limiting physical access creates a more robust cybersecurity environment to protect what is valuable. These types of measures also help protect your personnel from harm.

A few of these measures could be:

  • Bollards: Usually a post made of concrete or metal, bollards restrict movement into or out of an area. They prevent vehicles from coming too close to an installation or guide foot traffic to specific entry points.
  • Fences/walls: Another means to stop or guide traffic. These can be electrified or have different types of wire (barb or razor) at the top to keep people from climbing over the barriers.
  • Security guards: Personnel who control access using various methods such as patrols, identification, and logging of visitors, and who may use firearms or other offensive/defensive methods of control under certain circumstances. Employing security guards MAY reduce the cost of insuring your facilities as well.
  • Mantraps: These are restrictive door/entry setups that make it possible for only one individual at a time to enter the facility. They also can be set up so that security can block exit from the trap if necessary. 
  • False vehicle exits: Exits specifically designed to allow a vehicle to be redirected away from personnel and buildings to perform security checks or reduce casualties if bombs and firearms are of concern. Sometimes referred to as ‘kill zones.’
  • Lighting: Lights are essential both inside and out for security. The type of lighting can also affect how secure your facility will be: incandescent, flood, area, motion-sensitive on/off, mercury vapor, etc. Make sure to consider where any security cameras and patrols are located as well, as working with a dark location can become a problem without appropriate lighting.

It is easy to see that this is not a complete list of available options but just a small group of examples. Your organization will have to determine its various needs and wants during planning for each facility. You may not need a great deal of physical security of the ‘hard’ type, but it is undoubtedly necessary to at least consider as many options as possible.

Summary

When planning cybersecurity for an organization, there are many points to consider: finances, access, traffic and parking, hours of operation, and more. Your assets (data, personnel, or clientele) are the whole reason you are in ‘business’ in the first place. Don’t let substandard or ineffective measures place them in jeopardy.

Northstarr Recommendations

Physical security planning and implementation are a part of cybersecurity that our Northstarr experts recognize and value to ensure your data is secure. We can help you plan and execute the most effective designs possible with the most up-to-date systems and technology available. Sign up for a free security assessment here or call us at (888) 767-2210 to talk to our professionals today.