A PwC study this year found that 34% of security incidents are attributed to insider attacks on information security, including those by trusted third parties and employees.
This is an alarming rate, and serves to remind us that physical security is just as important as cyber security. In fact, they are often closely linked.
Without a comprehensive and effective physical security plan empowered with visitor and employee management, organizations are at a constant risk from their visitors, contractors and employees accessing and stealing their IP and other sensitive types of data.
It’s important to remember that an internal security breach may not necessarily be by a malicious attacker, but can also be by an uninformed or careless insider. To ensure employees are security-conscious, build up a strong security culture in your organization.
Have a set of guidelines for ‘red flag’ activity and a clear protocol for what to do in the event of a security breach.
For example, every employee should know how to spot a phishing email. Phishing attacks are one of the most common methods of targeting businesses, and are sometimes difficult for the untrained eye to identify. Phishing attacks attempt to steal passwords, credit card details or other sensitive information.
Employees should be hardware-savvy too. Have you ever found a USB flash drive and plugged it into your computer? If so, you potentially opened yourself up to a cyber attack.
Hardware security is just as important as online security; attackers have been known to post malware-infected USB flash drives to targeted businesses, and may even drop them in victims’ buildings or parking lots.
Your physical security system should be designed to reduce the threat of both outsider and insider attacks.
Of the two types of attacks, the threat posed by insiders is much more difficult to evaluate and combat. Malicious insider attackers could be passive or active, violent or non-violent. The attack could be spontaneous or it could be premeditated and calculated.
Malicious insiders are likely to be in positions of power or trust, to have access to sensitive information, or to be able to abuse their authority or physical access rights – for example, emergency response personnel.
There is no reason for anyone to be able to enter or leave a company and wander the premises without being recorded and tracked, including employees and other insiders.
It’s important to know exactly who’s on-site at all times – particularly if you store sensitive data or operating information at your workplace or facility. If your organization falls victim to an insider attack, accurate people presence reports will be invaluable.
Use people presence and visitor management software, like WhosOnLocation, for all visitor, contractor and employee sign-ins. This will enable you to run people presence reports for any given time – e.g. for a window around the time of a security breach, if you know when it occurred.
For more comprehensive people presence management, don’t just track who is on-site but track any key movements around the site too.
Restrict access to all zones and entry/exit points, and integrate these control mechanisms with digital security systems for advanced, real-time tracking and reporting. For extra security, use photo ID cards linked to visitor records so that these can be checked against surveillance footage.
Security and management personnel can keep track of everyone who enters and leaves the facility, control access rights for different areas, as well as standardize access and security procedures across different locations. WhosOnLocation enables staff to view visitor details, assign badges and modify any visitor’s permissions.
It’s no longer enough to have haphazard or incomplete people presence tracking at your site. Visitor management and employee time and attendance software is a staple for security-conscious organizations.
WhosOnLocation is secure, cloud-based people presence management software that enables organizations to keep a record of all people on-site. Security features include ‘red flag’ alerts that fire when someone on a watchlist enters the site, visitor and employee access card printing, photo identification and real-time reporting.