June 2018: Beef Up Your Physical Security

min read

Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.

With the threat of hacking, malware, phishing, and other digital threats constantly looming, it can be easy to overlook the importance of communicating physical security best practices to your community. Think of your security awareness efforts like an exercise regimen; only focusing on strengthening a few parts of your body will leave the rest more susceptible to injury. Similarly, an unbalanced program can lead to significant gaps in your community members' ability to respond to cyberthreats down the line. Here are resources and tips to share with your community members to remind them not to skip out on physical security!

Get the Word Out

Newsletter or Website Content

Employing good physical security practices does not have to include hiring a detachment of the queen's guard for your campus (though this might be a nice attraction for prospective students!). Instead, just getting the word out to your community about the importance of a few basic physical security tips can substantially improve your institution's security risk profile. Below are some tips to share with your community:

  • Prevent tailgating. In the physical security world, tailgating is when an unauthorized person follows someone into a restricted space. Be aware of anyone attempting to slip in behind you when entering an area with restricted access.
  • Don't offer piggyback rides. Like tailgating, piggybacking refers to an unauthorized person attempting to gain access to a restricted area by using social engineering techniques to convince the person with access to let them in. Confront unfamiliar faces! If you're uncomfortable confronting them, contact campus safety.
  • Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing away. Organizing campus-wide or smaller-scale shred days can be a fun way to motivate your community to properly dispose of paper waste.
  • Be smart about recycling or disposing of old computers and mobile devices. Make sure to properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
  • Lock your devices. Protecting your mobile devices and computers with a strong password or PIN provides an additional layer of protection to your data in the event of theft. Set your devices to lock after a short period of inactivity; lock your computer whenever you walk away. If possible, take your mobile devices and/or laptop with you. Don't leave them unattended, even for a minute!
  • Lock those doors and drawers. Stepping out of the room? Make sure you lock any drawers containing sensitive information and/or devices and lock the door behind you.
  • Encrypt sensitive information. Add an additional layer of protection to your files by using the built-in encryption tools included on your computer's operating system (e.g., BitLocker or FileVault).
  • Back up, back up, back up! Keeping only one copy of important files, especially on a location such as your computer's hard drive, is a disaster waiting to happen. Make sure your files will still be accessible in case they're stolen or lost by backing them up on a regular basis to multiple secure storage solutions.
  • Don't leave sensitive data in plain sight. Keeping sensitive documents or removable storage media on your desk, passwords taped to your monitor, or other sensitive information in visible locations puts the data at risk to be stolen by those who would do you or your institution harm. Keep it securely locked in your drawer when not in use.
  • Put the laptop in your trunk. Need to leave your laptop or other device in your car? Lock it in your trunk (before arriving at your destination). Don't invite criminals to break your car windows by leaving it on the seat.
  • Install a remote location tracking app on your mobile device and laptop. If your smartphone, tablet, or laptop is lost or stolen, applications such as Find My iPhone/iPad/Mac or Find My Device (Android) can help you to locate your devices or remotely lock and wipe them.
You never know who will drop by. You have enough to worry about. #lockdownURlogin Lock Down Your Login
Source: STOP. THINK. CONNECT. You Never Know meme.

Figure 1. Use this image to support your message

Social Posts

Note: These are Twitter-ready, meeting the 140-character length restriction.

  • #Cybersecurity isn't enough. #PhysicalSecurity is also critical for protecting our community from #InfoSec threats! #CyberStrong #CyberAware
  • Don't hold the door for strangers when accessing a restricted access area. Brake for tailgaters! #CyberStrong #CyberAware
  • Friends don't let friends skip #PhysicalSecurity! #CyberStrong #CyberAware
  • Shred it or regret it! Dispose of sensitive data properly to deter dumpster diving criminals. #CyberStrong #CyberAware
  • Protect mobile devices & computers w/ strong passwords. Set them to lock after short periods of inactivity. #CyberStrong #CyberAware
  • Back up your files now. You'll thank yourself later if they're lost or stolen! #CyberStrong #CyberAware
  • Install remote location tracking apps on your mobile devices now to save yourself from a headache later. #CyberStrong #CyberAware
  • See someone unfamiliar or suspicious? Ask them if they need help finding something (or call campus safety!). #CyberStrong #CyberAware

E-Mail Signature

Ask staff members to add a tip to their e-mail signature block and link to your institution's information security page.

Example:

Jane Doe

Information Security Office

XYZ College

Beef up your physical security! Learn more. [Link "Learn more." to your institution's information security department page or the DC Police Department's tips for preventing theft of laptops and personal electronics.]

Embed or Share Videos

Physical Security: MediaPro Security Awareness Animation (1:09 min)


The Importance of Passwords on Mobile Devices (0:32 sec)


Warning: Laptop Thieves (1:54 min)

Resources

Share these resources with end users or use them to inform your awareness strategy:


Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

© 2018 EDUCAUSE. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.