Information security isn’t just about electronic data; it’s also about physical risks too. Research shows that human error is the leading cause of security failures in organisations. Imagine a thief managed to access your office, how much confidential information could they get a hold of in just a few minutes?
What is physical information security?
Physical information security relates to an institution’s need to safeguard information and data it holds on computers, media storage devices and in paper files. The physical and procedural challenges of keeping information secure have evolved as we are now able to access information wherever we are. Organisations typically rely on technological solutions to solve physical security problems – such as card access systems to enter a building. But physical information security is about much more than this. We can put in procedural controls, but individuals must take ownership and responsibility for their workplace and their actions
Managing the risks
There are several steps we can all take to help reduce risk and maintain our physical information security:
- Lock your computer to ensure no-one else can access your files – this maintains confidentiality, integrity and ongoing availability of data.
- Secure your paperwork if it contains confidential information. It’s good practice to lock all paperwork away as good practice.
- Avoid using USB sticks and make sure to follow the University’s Access Control Policy.
- Secure your personal devices. The introduction of Bring your own device (BYOD) means we now hold lots of work data on our personal smartphones, tablets and laptops. These devices can be tempting and easy targets for thieves, so make sure to lock them routinely.
- Confidential information must be disposed of properly using the facilities available to you. Any confidential paperwork should be shredded when it is no longer needed.
- Look after your staff ID card. The majority of University buildings are open to the public; however, sensitive areas are restricted and require a staff ID card to enter. If you lose your staff ID, you should report it as soon as possible to Campus Security.