How Physical Security Can Help Mitigate a Data Breach

Posted on Monday, May 18, 2020

Something small and assuming like a USB stick can be worth its weight in gold. Flash drives are perfect for portable storage, and with some able to carry over 256GB of data, they can hold almost everything you need.


They normally weigh about 10-12 grams making them both wonderfully easy to carry and incredibly easy to lose or steal. Their enormous capacity means that a misplaced USB, carrying sensitive data can have terrible consequences for its owner.


This was brutally exposed at Heathrow Airport when a lost a flash drive containing sensitive personal information of security workers, as well as a training video that exposed the names, dates of birth and passport numbers of ten more people. A mistake that cost Heathrow £120,000 in fines from the Information Commissioner’s Office.



Taking physical security seriously


Fines are a serious consequence of loss of data — up to 4% of turnover in the case of GDPR —  but if anything the reputational damage from a major data loss can be even worse. So what are businesses doing to protect the physical security of corporate devices? Not much, apparently. Employee training or hiring a competent IT support company can make a critical difference.


Despite what is spent on antivirus, threat detection, encryption and other logical security measures, physical protection strangely over-looked. Everybody agrees that it’s important to protect corporate networks and data, but few organisations take it as seriously as the more headline-grabbing data breaches.


In 2018 businesses spent nearly $100 billion on information security, even though the proportion of global firms experiencing data breaches rose in the same year. It’s, of course, important to invest in logical security systems, but many do so at the neglect of much more affordable measures that would have a major impact on protecting themselves from data breaches.


USB sticks are so common that we seem to have started to take them for granted. This really shouldn’t be the case. Sometimes the smallest items or smallest mistakes have the power to cause us the most damage.



 Fast fingers and prying eyes


It’s not a great surprise to find out that physical safeguards are taken far less seriously than logical security. Invisible threats are more threatening and mysterious — a North Korean hacker stays longer in the imagination than a light-fingered thief or a snooping person looking over a shoulder on public transport.


The FBI describes laptop theft as one of the world’s top three computer crimes. While allowing sensitive information to be read off your screen – perhaps a rival from a competitor company on that New York to London flights — can cause insurmountable damage.


Businesses have to learn to teach their employees that taking more care with using sensitive data is vital. The good news is that doing so is simple, cheap –  and once you get used to it, just becomes part of your everyday routine.


Cable locks are an excellent way to guard against hardware theft and can be used whenever they are away from their device, even for short periods. It’s amazing that we seem to take more care of a bicycle we have had for years and barely works than devices that may cost several thousand pounds have data on which can worth eye-watering amount when lost.


Of course, this kind of physical protection needs to be accompanied by employee education so that everybody in your business is aware of the potential threats to corporate data and the consequences of a breach – whether it’s on the Tube, in the pub or on a Business Class flight to the other side of the world. Privacy screens and cable locks need to become so part of your routine you don’t even think about doing it.


When data is worth far more than gold, it makes you wonder why we are doing so little to hold on to it.


About Mustard IT, your technology partner

Mustard IT is a trusted team, experienced with the latest technology and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.