ISHPI

Let's Get Physical
ISHPI CyberBytes Newsletter Vol 2 Issue 3
Read all CyberBytes Newsletters

If you immediately thought of Olivia Newton-John when reading this monthā€™s topicā€¦. well, then you know what that means (at least in relation to your birthdate). If you didnā€™t, then you havenā€™t been introduced to a stereotypical 80ā€™s musical nugget from the time capsule. What does this have to do with Cyber Security you may be asking, well because sometimes, in our quest to lock down our networks and avoid malware and viruses, itā€™s easy to forget about the physical [see what I did there šŸ˜‰] world around us that can pose security threats. So, this month, I wanted to pause on my constant harping on the digital cyber security side and focus a bit on how physical security flaws can and do put your personal information and ISHPIā€™s sensitive data at risk, sometimes just as much as a cyber-attack.

Itā€™s pretty common to assume that a data breach only comes from something like malware, ransomware, or phishing. In reality, to a bad actor, it really doesnā€™t matter how they get your info. One way they can get access to your data is ā€œTailgatingā€. Tailgating [no, not the kind on the interstate, but that is dangerous too!] is a real security issue that happens more often than we think and, in more places than you might think. With the increase in people working back in office spaces, coupled with the real possibility the people you may have been working with for the last year, you have never met in person, makes a perfect opportunity for a malicious minded person to gain physical access to your office building. Now, while we all want to be kind and helpful, unless someone can show proof that they should be inside your office, the best solution is to say kindly ā€œIā€™m sorry, I just cannot let you inā€. Yes, you might come across as seeming unkind, but if you are not able to confidently confirm the person you are thinking about holding the door for really belongs there, it is better to be safe than sorry.

Likewise, whether working in the office or home, leaving your device(s) open and unattended invites would-be thieves (tailgaters and potential insider threats) to take what they want and go. So please, if you step away, lock your devices!! As we continue to explore all this physical security threat, letā€™s not forget the bane of my security existence [itā€™s a tie with sharing passwords or reusing passwords] open, written-down passwords and other sensitive information on sticky notes, notepads, etc.ā€¦ Issue 1 and Issue 10 of the CyberBytes newsletter addresses password safety and password managers.

And finally, always be on guard when it comes to “shoulder surfing”. You never know who is trying to steal your information. Always be aware of your surroundings before entering sensitive information into your devices. While it may seem unlikely, even people youā€™ve worked with for years may be interested in your password (insider threat is very real). So, Letā€™s Get (focused on being aware of) Physical (security) [I know that the tie into the topic was weak this month, but if you have the song as an ear worm now, your welcome]!

Newsletter By:Ā  Rob Collings, ISHPI’s VP of Cybersecurity | CISO

May 1, 2024

Share this Newsletter