Physical Security Awareness Challenges
Securing your workplace requires multiple layers of physical security, and needs may vary depending on the organization; for example, locations like hospitals — a mixture of public and private spaces — face different physical security challenges than restricted infrastructure sites. Organizations should set appropriate controls, and those with more to lose from a physical security breach should consider evaluating their defenses with on-site penetration testing.
In addition to implementing physical controls, raising user awareness is key. Employees should regularly apply basic best practices, such as keeping screens locked when away from their desks, maintaining clean desk habits, and reporting any strangers seen in restricted areas.
Of course, part of the challenge is that many end users lack the knowledge and training to protect themselves and their organizations. Our 2018 Beyond the Phish® Report — which stresses the need to extend cybersecurity training beyond email-based phishing — explores end-user knowledge across 12 topic areas, including protecting against physical security risks. The physical security risk topics we explore in the report include:
- Understanding and application of physical security safeguards
- How to identify and prevent physical security breaches
Within the physical risks category, our data found that end users in the hospitality industry performed best, with 13% of questions answered incorrectly — a bright spot given the many rooms and areas that need to be secured within hospitality-based businesses. In contrast, end users in the telecommunications industry had the lowest performance, with 20% of questions answered incorrectly. (For data across all 16 industries on this and other cybersecurity topics, download the Beyond the Phish Report.)
Educating Employees About Physical Security
The good news is that the topic of physical security can be easily integrated into your larger security awareness training program. To help employees understand their role in maintaining a safe and secure work environment, educate them on key components of physical security and train them to follow best practices that will help them keep your people, areas, and assets secure. In addition to interactive education, use reinforcement tools like posters, articles, videos, and other security awareness materials to keep physical security top-of-mind for your end users.
As noted by Information Age, “Performing an employee awareness campaign and demonstrating first-hand the ease and danger of physical security breaches is a great way to engage an entire organization.”
Subscribe to the Proofpoint Blog