Every week there are stories about security breaches and guidelines issued on improving security to avoid breaches; from trade bodies, industry experts, software vendors and the Government. For many SMEs, the whole subject can be confusing. Is this something they should be concerned about? And do you, for example, have to do everything in the guidelines or just some things? This series of blogs provides an introduction to Information Security and what it means for an SME.

Previous blogs looked at what Information Security means https://www.tiptopmedia.co.uk/blog/what-is-information-security and if this is relevant for your business https://www.tiptopmedia.co.uk/blog/is-information-security-relevant-for-my-business. Assuming it is relevant to your business, you need to look at how to protect your assets. This blog takes a high level look at how to protect physical assets.

What are physical assets?

Some are obvious – paper records, servers, desktops, laptops, tablets, phones, and USB devices – while others may not be so obvious. They could include air conditioning units and CCTV cameras, for example.  The starting point is to have a list of all your physical assets.There are many ways to protect assets; some are part of guidelines issued by trade bodies etc. To decide on which guidelines are relevant and cost effective, there needs to be a risk assessment of how a breach would impact confidentiality, integrity and availability (shown in part 1).

Paper records

Store in locked fireproof cabinets.

Don’t leave anything sensitive on desks.

Have clearly marked confidential waste bins. Ensure waste in these bins is treated as confidential and is not mixed with bags of normal paper waste.

Server, Desktops and Laptops

Encrypt drives and use a password to gain access.

Use anti-virus and anti-malware software.

Apply software patches.

Use remote wiping software on laptops.

Securely wipe disks and devices before disposal.

Tablets and Mobile phones

Encrypt the device – a password or fingerprint must be entered to gain access.

Use anti-virus and anti-malware software.

Data must be synced to secure cloud storage.

Apply software patches.

Enable remote wiping facilities.

Securely wipe before disposal.

USB devices – USB sticks and Hard drives

Use hardware or software encrypted devices.

Securely wipe before disposal.

Other assets

Air conditioning – service in line with manufacturer’s recommendations.

Printers – securely wipe the memory before disposal (if applicable).

CCTV cameras – mount in a location that cannot be easily accessed so it cannot be unplugged. Securely wipe before disposal (if applicable).

The next blog will look at how to protect electronic assets.

Other blogs in this series

What is ‘Information Security’? https://www.tiptopmedia.co.uk/blog/what-is-information-security

Is Information Security relevant for my business? https://www.tiptopmedia.co.uk/blog/is-information-security-relevant-for-my-business

Find out more on how to improve your information security at https://wadiff-consulting.co.uk/first-step-to-improving-information-security/

Ian Grey
WADIFF Consulting