March

NIST PR.AT-2

“Securing Sensitive Information”

Physical Security

Even the strongest digital firewall cannot protect data if an unauthorized person can physically walk into our office and access a workstation or server.

Cautionary tale: The Donut Breach

In a famous “Piggyback” breach, a penetration tester (a professional hired to test security) managed to enter a high-security data center without a badge or a key.

The Tactic: The intruder carried a large box of donuts and waited near the secure entrance. A helpful, well-meaning employee saw him struggling with the box and held the door open out of politeness. By being “helpful,” the employee accidentally bypassed the badge reader entirely, allowing an unidentified stranger into the heart of the company’s infrastructure.

The Lesson: Social engineering exploits our natural desire to be polite. Security isn’t “rude”—it’s a requirement for a safe workplace.

Guarding the Physical Perimeter

  • The “Anti-Tailgating” Rule: Tailgating (or piggybacking) occurs when someone follows another person through a secure door, bypassing the badge check.
    • To avoid this, politely ask, “Do you have your badge?” or wait for the door to close behind you.

  • Clean Desk Policy: Sensitive information isn’t just on your screen; it’s on your desk. At the end of the day and during breaks, ensure that no passwords, client files, or USB drives are left out in the open.

  • Screen Locks: Whenever you step away from your desk—even for a quick coffee—lock your computer (Win + L or Cmd + Ctrl + Q). An unlocked PC is an open invitation for data theft.

Physical Security: Common Warning Signs

  1. Unidentified Visitors: Look for people wandering in secure areas without a visible visitor pass or employee badge.

  2. Propped Doors: Never prop open a secure door with a trash can or heavy object “just for a minute.”

  3. USB “Drops”: If you find a random USB drive in the parking lot or breakroom, do not plug it in. It may contain malware designed to run as soon as it is connected to your PC. Turn it in to IT.

March Checklist

  • Make the Pledge: Set a goal to lock your screen every time you step away.
    • Pro tip: Write a reminder to lock up on a sticky note. Place it somewhere you won’t miss it!
  • Badge Check: Ensure your badge is visible at all times while in the building.
  • Spring Cleaning: Take 5-10 minutes to shred any old documents containing sensitive data that are sitting on your desk.

Symbol Security

Ready to Implement This Month's Security Focus?

Deploy automated security awareness training with Symbol Security. Schedule simulations, track progress, and measure improvement across your organization.