Byte-size Bulletins

Don’t forget, your empty office is a security risk too

Written by Rachael Brown | Aug 25, 2021
 

We’ve all heard about how unsecured firewalls and mishandling of data can make your business vulnerable to cyber security attacks.

But the pandemic has created security issues for businesses in an unexpected area: their physical security posture. To you and me, this means an increased risk of break-ins.

With remote and hybrid working situations, most of our offices have become near-empty ghost towns. This situation of abandoned or minimally staffed locations is ideal for malicious actors looking to access vital systems from inside the office.

They’re given more time and less pressure to get around locks. And often thieves don’t even need to break in; they can talk their way in with the right outfit and story.

You might be saying, well, it’s highly unlikely that would ever happen to my organisation. But the risk of a physical breach is far higher than you may think. Royal and Sun Alliance were fined £150,000 by the Information Commissioner’s Office (ICO) over the loss of 60,000 customers' information.

This happened after a hard drive containing 59,592 customers' names, addresses and bank account details, including account numbers and sort codes, was stolen from one of their offices.

It was stolen either by a member of staff or a contractor and has never been recovered. Critically, the data on the hard drive was not encrypted, a major error on the part of the company, as encryption could’ve provided an extra layer of security to prevent the breach.

This is why our first tip when it comes to increasing your own site security is to ensure that sensitive data kept on hard drives or servers is encrypted. Our second is to educate your employees and keep up their awareness about on-site risks.

More and more staff are becoming aware of cyber crime. With social engineering attacks on the rise, many businesses have taught their employees about phishing. As attention has shifted to digital attacks and breaches, less focus has been paid to ongoing on-site security risks.

If a ‘contractor’ turns up in uniform, clipboard in hand, and confidently asserts they have been sent by management, employees are unlikely to have the knee-jerk response of suspicion. The reverse, striving to be helpful, is more likely to occur, rendering employees a weak link in the security of the organisation.

For this reason, security awareness training for any business should also cover on-site risks and how employees can look out for them.

Thirdly, have regular physical security reviews. These help plug any security gaps exacerbated by the pandemic, by identifying them and providing risk mitigation options.


Finally, beware of USB devices. Rogue devices may be sent to you or left around for you to find. When you connect them to your network, they can introduce malicious software and give others unauthorised access.

These are just a handful of tips and scenarios, but it’s critical to remember that the more secure you are both remotely and on-site, the more you can focus on growing and building your business instead of responding to threats.

Small steps to increase your security posture pay off in the long term, helping keep your organisation out of any unwanted security situations.