Last week’s breach of the United States Capitol building had massive political ramifications — but it’s also forced a reckoning about the physical security measures supporting Congress’ IT systems.
In addition to reports that at least two Congressional laptops were stolen, the international intelligence community frets that foreign spies joined the crowd, where they potentially could have planted tiny surveillance devices and reconfigured software, hardware and firmware to mine top-secret data. Some information was irretrievably compromised, and restoring the security of the Capitol will require an inch-by-inch inventory of all areas the interlopers entered.
With international attention focused on the event, now’s the time to talk with your buyers about physical security — especially in offices that are frequently vacant during this pandemic. Here are some essential measures your customers should take now:
Secure the servers. Does the IT department follow strict protocols to lock down the server room and secured its most vulnerable devices in there? Bonus points if the company employs rack-mounted servers instead of towers, which are easier to haul off.
Lock up your workstations. The pandemic has left plenty of desktop PCs and even laptops sitting idle on desks. Best security practices dictate that those machines should be disconnected and locked away. And if they’re out in the open, secure them with case and cable locks.
Safeguard storage. Use disk locks and block USB ports to keep bad guys from transferring data to flash drives and other removable media.
Don’t forget the printers. Make it standard operating procedure to shred any extra printouts — and lock down printers as well, since they may store confidential info in memory.
Beef up surveillance. When flesh-and-blood employees are out of the office, electronic surveillance will pick up the slack. Has your client implemented biometric scans or smart cards? Keeping personalized track of comings and goings will fend off bad actors.
These measures cover a lot of the most prominent vectors for attack, but they’re just the tip of the iceberg. Ray Bernard Consulting Services recently updated its report on hardening physical security, and its advice is well worth reading.
If the United States Capitol is vulnerable to intruders, your customers should take their own security that much more seriously. Discuss this timely topic with them to raise your status as a trusted partner.