You’ve probably seen them used interchangeably, but distinctions between cybersecurity and IT security are important to understand to ensure accurate communication with stakeholders and vendors alike.

While both involve keeping your data secure, cybersecurity refers to the prevention of unauthorized electronic access to that data, while IT security refers to protecting the confidentiality, integrity, and availability of that data. And, while both address risk in the digital world, the scope of IT security extends to the physical world and where the two intersect.

So while cybersecurity has been increasingly used in recent years as perhaps the “sexier-sounding” term, it is frequently used by someone who is actually referring to the more holistic IT security, which encompasses the increasingly critical but oft-neglected arena of physical security.
Foray Into The Physical
When it comes to the protection of your data, physical security addresses the spaces in which devices are used and data is transmitted—most predominantly, the office. Physical security measures are designed to ensure only authorized personnel can access facilities and equipment (think locks, surveillance, security guards, intrusion detection, and other deterrents), that access is managed tightly (think key cards or fobs that have assigned weekday hours), that devices and systems are protected from damage or harm (think fire prevention, theft prevention, climate and lighting control, etc.), and that devices and systems will not fail under stress (think adequate power sources, disk storage, backup, and remote access).

What physical and digital security have in common is how each must change with the times. Take 2020 for instance, when the pandemic led to rapid expansion in remote work, creating unprecedented intermixing of personal and business spaces and devices spread across the Internet of Things. Even in a more typical year, workplaces face regular challenges to innovate physical security, as malicious actors find new ways to compromise network-reliant measures that play a key role in physical protections, such as building access systems. Additionally, many “analog” devices have some link to the digital world, and as such, they’re potentially susceptible pathways for hackers into your company network. So how might you ensure your physical security is up to par?
Build A Bridge
On a company-wide scale, your employees should understand that physical security for your network, data, devices, and office space is just as critical as digital security. Get your whole team into the habit of changing physical security credentials as regularly as passwords, and be sure your IT team has the bandwidth and direction to install product updates and patches in a timely fashion.

Consider, too, that a significant portion of physical security is about preventing further access in case of a breach. A single surveillance camera linked to a digital network can be a hacker’s point of access, whereupon they can take control and infiltrate other devices or your whole network. Bolstering your endpoint security is a good safeguard, but so is building defenses into all your systems, analog and digital, across the board and especially throughout initial deployment.

Getting a new physical security system? Ensure that your installers have an understanding of present-day physical and cyber risks and work with your IT security team to address potential vulnerabilities for your distinct environment in conjunction with the new system. The process of installation should be supervised through every step, since misconfigurations (intentional or not) can set up malicious actors for an easy hack. Also be aware that many physical security systems come with default credentials and settings; needless to say, it’s important to change those immediately to ensure developers and installers are denied access.

In the end, your IT security team needs to have a complete understanding of how your physical security measures operate, individually and in conjunction with digital security. Communication is key, and in the event of a breach, a comprehensive debrief should include examination of failures in all areas of security, as well as identify opportunities for shoring up vulnerabilities with strategies that take advantage of both digital and physical measures.