By Anthea Mumby
When it comes to securing ‘cyber assets’ (any programmable electronic devices and electronic communication networks), many architects and design professionals think of only mitigating risks such as e-mail spam, phishing schemes, and malware that could infect their computer systems. However, cyber assets can also be compromised physically.
In fact, design professionals are especially susceptible to cyber asset attacks simply because of the nature of their work. They have so much valuable customer and business information stored on electronic systems and these physical systems need protection. The following six steps will help ensure the safety of the systems.
1. Secure company facilities
It is easy to think about physically securing a company’s facility as merely locking the doors and keeping files in locked cabinets. However, maintaining facility security also includes the physical environment of public spaces. For instance:
- computers with access to sensitive information such as private client designs or financial information should be oriented away from publicly accessible spaces;
- log-on information should not be written on small pieces of paper affixed to computer equipment viewable in public spaces;
- easy-to-grab equipment containing sensitive or personally identifiable information (PII)—such as laptops, tablets, and mobile phones—should be located away from public areas (if employees work with their clients in a public area such as a reception area or even a boardroom, they should be trained not to leave their devices unattended);
- cable locks can increase security for laptop computers by securing the port to the employee’s desk (the key should be stored in a secure location away from the desk); and
- tracking software can be installed on laptops with extremely sensitive information—these programs usually run unnoticed, and allow stolen computers to be located more easily (many also allow administrators to wipe the hard drive remotely, if necessary).
2. Minimize and safeguard printed materials
The client-centred nature of designing makes it likely that client documents will be printed in hard copy at some point. While this may be necessary in some instances, the most effective way to protect sensitive information is to minimize the number of documents stored in this manner. Procedures should be established limiting the number of copies of printed reports, memoranda, and other material containing PII.
Copies of material containing sensitive information should be safeguarded by providing employees with locking file cabinets or safes. Employees should be trained to understand that simply leaving the wrong printed material on a desk, in view of the general public, or even clients who are visiting the office, can result in consequences affecting the entire company and customers.
3. Ensure mail security
The mail centre can introduce a wide range of potential threats to a business. To determine the potential threat from mail, the number of people having access to every piece of mail coming through the door should be calculated.
Next, a mail-handling procedure, clearly outlining who receives the mail and how each piece is handled, should be established. It only takes one missing document to expose the company and clients to risk of fraud, theft, and other financial damages.