GDPR has taught all company directors that Cyber-security is their problem - a problem with sharp teeth, but physical security can be delegated – OR CAN IT?
We have all heard the stories of huge fines for not securing customer data or for holding data without a “legitimate reason”. This has led to Board level involvement with Information Security, but physical security is still something that is usually managed by a junior manager or is outsourced. After all, the company is insured and is unlikely to be liable for prosecution if someone breaks in – right?
But what if someone breaks in and steals an information asset: a laptop, memory stick or external disk drive? No one in the organisation would get confused by all the different requirements for password construction, would they? So, there is no way that someone could find a password list in a drawer under a laptop, is there? Of course there isn’t, unless of course you happen to live in the Real World.
So that break-in may have caused your company to lose an information asset and to give access to an unauthorised individual. Now perhaps you would start to feel worried: does a call to the ICO beckon?
Physical security is the foundation of information security – ask any bank.
Your information security is only as secure as your physical perimeter protection. 100% security is impossible, but managing physical security at Board level and making the best reasonable effort to secure the physical perimeter will mitigate prosecution risk and reduce insurance premiums.
Talk to Tether.