BankOnIT Insights

Information Security Brief - September 2023

Written by BankOnIT Insights Department | Sep 8, 2023 4:24:15 PM

Unlocked and Unsecured

The Importance of Physical Technology Security

Financial institutions manage vital assets and information for their communities. An essential role of a financial institution is to protect its customers' private information,  monetary and physical assets. You wouldn't leave the cash register open and unattended while on lunch, and you especially wouldn't leave the vault and safe deposit boxes unlocked and unattended. As important, do not leave your computer unlocked while you are away. Physical technology security is the first level of defense and the most vulnerable layer. Many physical technology security attacks often prey on the hustle and bustle of your work day, convenience, and curiosity.

Simple Tips to Keep Data Physically Secured

Main types of physical security-related behavior [1]:

  • See Something, Say Something
    • Keep an eye out for suspicious equipment around the office and connected to your institution’s systems.
  • USB Practices
    • Do not connect unknown USB devices to your computers. This is one of the simplest and easiest ways for attackers to access your data. Many organizations choose to restrict USB access, a great practice, but users need to be conscious.
    • USB drives can be a quick and easy way to transfer information from one system to another or even for traveling, but they can be lost even easier.
  • Locking Workstations
    • Implement the same practices with a cash register; if you are out of view of your computer – lock it. Your workstation possesses more data and financial access than ever before.
  • Passwords
    • Do not let convenience overshadow security in regards to passwords. Ensure you do not share passwords with others and avoid keeping any physical copies of your passwords.

The Federal Trade Commission published tips and guidance, including some items shared in this article, focusing on protecting digital and physical assets. They have also created materials that can be shared with your customers to ensure they keep physical security in mind. Federal Trade Commission: FTC Physical Security PDF.

--

[1] Moody et al. (2018) "Toward a Unified Model of Information Security Policy Compliance"