Avoid Getting Hacked with Proper Office Layout and Usage
Office design and usage can either help or hinder physical security. Consider the layout of your office and whether it deters hacks or encourages them. Skillfully planning your office is a first step toward preventing hacks of your systems.
Hackers might exploit some office vulnerabilities. Consider these attack points:
Does a receptionist or security guard monitor traffic in and out of the main doors of the building?
Do employees have confidential information on their desks? What about mail and other packages — do they lie around outside someone’s door or, even worse, outside the building, waiting for pickup?
Where are trash cans and dumpsters located? Are they easily accessible by anyone? Are recycling bins or shredders used?
Open recycling bins and other careless handling of trash are invitations for dumpster diving. Hackers search for confidential company information, such as phone lists and memos, in the trash. Dumpster diving can lead to many security exposures.
How secure are the mail and copy rooms? If intruders can access these rooms, they can steal mail or company letterhead to use against you. They can also use and abuse your fax machine(s).
Are closed-circuit television (CCTV) or IP-based network cameras used and monitored in real time?
Have your network cameras and digital video recorders (DVRs) been hardened from attack — or at least have the default login credentials been changed? This is a security flaw that you can predict with near 100-percent certainty.
What access controls are on doors? Are regular keys, card keys, combination locks, or biometrics used? Who can access these keys, and where are they stored?
Keys and programmable keypad combinations are often shared among users, making accountability difficult to determine. Find out how many people share these combinations and keys.
Consider the situation of one client whose front lobby entrance was unmonitored. The lobby also happened to have a Voice over IP (VoIP) phone available for anyone to use. The client had not considered that anyone could enter the lobby, disconnect the VoIP phone, plug a laptop computer into the connection, and have full access to the network.
This could have been prevented if a network connection had not been made available in an unmonitored area, if separate data and voice ports had been used, or if the voice and data traffic had been separated at the network level.
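One way to check for the lobby-phone exposure described above, as an added example that is not part of the original article: this Python audit reads a switch configuration and flags enabled ports in unmonitored areas whose untagged traffic lands on a data VLAN. The Cisco IOS-style sample config, the VLAN numbers, and the "lobby" description keyword are constructed assumptions.

```python
import re
DATA_VLANS = {1, 10}      # assumption: VLANs that reach internal data systems
UNMONITORED = ("lobby",)  # assumption: description keywords marking unmonitored areas

# Constructed sample in Cisco IOS-style syntax; not taken from the article.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description LOBBY courtesy phone
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet1/0/2
 description LOBBY courtesy phone, voice only
 switchport access vlan 999
 switchport voice vlan 20
!
interface GigabitEthernet1/0/3
 description Finance desk 14
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet1/0/4
 description LOBBY spare jack
 shutdown
!
interface GigabitEthernet1/0/5
 description Lobby kiosk phone
 switchport voice vlan 20
"""

def parse_interfaces(config):
    """Return {interface name: [indented stanza lines, stripped]}."""
    stanzas = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in stanzas}

def audit_unmonitored_ports(config):
    """Flag enabled ports in unmonitored areas whose untagged VLAN is a data VLAN."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        desc = next((l[12:] for l in lines if l.startswith("description ")), "")
        if "shutdown" in lines or not any(t in desc.lower() for t in UNMONITORED):
            continue  # disabled jack, or not in an unmonitored area
        access = re.search(r"^switchport access vlan (\d+)$", "\n".join(lines), re.M)
        vlan = int(access.group(1)) if access else 1  # no access-vlan line: VLAN 1
        if vlan in DATA_VLANS:
            findings[name] = f"data VLAN {vlan} reachable from unmonitored port"
    return findings
```

A laptop plugged into a flagged jack sends untagged frames, so it lands on the access VLAN rather than the voice VLAN; port 1/0/5 is flagged because a port with no explicit access VLAN falls back to VLAN 1.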
What’s challenging about physical security is the fact that security controls are often reactive. Some controls are preventive (that is, they deter, detect, or delay), but they’re not foolproof. Putting simple measures, such as the following, in place can help reduce your exposure to building and office-related vulnerabilities:
A receptionist or a security guard who monitors people coming and going. This is the most critical countermeasure. This person can ensure that every visitor signs in and that all new or untrusted visitors are always escorted.
Make it policy and procedure for all employees to question strangers and report strange behavior in the building.
Employees Only or Authorized Personnel Only signs show the bad guys where they should go instead of deterring them from entering. It’s security by obscurity, but not calling attention to the critical areas may be the best approach.
Single entry and exit points to a data center.
Secure areas for dumpsters.
CCTV or IP-based video cameras for monitoring critical areas, including dumpsters.
Cross-cut shredders or secure recycling bins for hard-copy documents.
Limited numbers of keys and passcode combinations.
Make keys and passcodes unique for each person whenever possible or, better yet, don’t use them at all. Use electronic badges that can be better controlled and monitored instead.
Biometric identification systems can be very effective, but they can also be expensive and difficult to manage.