If you immediately thought of Olivia Newton-John when reading this month’s topic… well, then you know what that means (at least in relation to your birthdate). If you didn’t, then you haven’t been introduced to a stereotypical ’80s musical nugget from the time capsule. What does this have to do with Cyber Security, you may be asking? Well, sometimes, in our quest to lock down our networks and avoid malware and viruses, it’s easy to forget about the physical [see what I did there] world around us that can pose security threats. So, this month, I wanted to pause on my constant harping on the digital cyber security side and focus a bit on how physical security flaws can and do put your personal information and ISHPI’s sensitive data at risk, sometimes just as much as a cyber-attack.
It’s pretty common to assume that a data breach only comes from something like malware, ransomware, or phishing. In reality, to a bad actor, it really doesn’t matter how they get your info. One way they can get access to your data is “Tailgating”. Tailgating [no, not the kind on the interstate, but that is dangerous too!] is a real security issue that happens more often than we think and in more places than you might think. The increase in people working back in office spaces, coupled with the real possibility that you have never met in person the people you have been working with for the last year, makes a perfect opportunity for a malicious-minded person to gain physical access to your office building. Now, while we all want to be kind and helpful, unless someone can show proof that they should be inside your office, the best solution is to say kindly “I’m sorry, I just cannot let you in”. Yes, you might come across as seeming unkind, but if you are not able to confidently confirm that the person you are thinking about holding the door for really belongs there, it is better to be safe than sorry.
Likewise, whether working in the office or at home, leaving your device(s) open and unattended invites would-be thieves (tailgaters and potential insider threats) to take what they want and go. So please, if you step away, lock your devices!! As we continue to explore these physical security threats, let’s not forget the bane of my security existence [it’s a tie with sharing passwords or reusing passwords]: open, written-down passwords and other sensitive information on sticky notes, notepads, etc. Issue 1 and Issue 10 of the CyberBytes newsletter address password safety and password managers.
And finally, always be on guard when it comes to “shoulder surfing”. You never know who is trying to steal your information. Always be aware of your surroundings before entering sensitive information into your devices. While it may seem unlikely, even people you’ve worked with for years may be interested in your password (insider threat is very real). So, Let’s Get (focused on being aware of) Physical (security) [I know that the tie into the topic was weak this month, but if you have the song as an ear worm now, you’re welcome]!
Newsletter By: Rob Collings, ISHPI’s VP of Cybersecurity | CISO
May 1, 2024