Protecting - Where do I start? - What are the sources of threats to my information systems? - Physical security

Protection against intrusions into your computer system by outsiders is an essential element of your e-security policy. But it's not just intrusion via the Internet that you need to guard against. The following issues relate to physical safety of the computer equipment on which your information is stored,  the premises in which they are stored, and staff who have physical and electronic access to systems and information.

Physical security

It is vital to have physical security policy for IT equipment for protecting confidential data. You may need to consider approaches such as:

• ensure your workplace IT equipment is stored in a secure and lockable location
• keep up-to-date logs of all equipment
• take out appropriate insurance policies and develop emergency repair plans
• put extra measures in place for notebook computers (such as encrypting all data stored on them)
• make sure all staff are aware of security policies and report any suspicious activities.

Personnel security 

It it important to recognise that internal staff can pose a security threat as well as external hackers since staff already have ready access to the company's information.

Measures you can take to minimise internal risks include:

• make sure passwords and access systems are revoked when staff resign
• do not give any single member of staff complete access to all data
• keep logs documenting access to key business information
• implement and maintain a strong password policy 
• conduct regular internal security audits.