Depending upon my mood, I am both concerned and amused by all the noise surrounding the recent spate of White House fence-jumpers. (Robotic dogs? Bullet-proof suits? Great stuff!) But I am also educated by it, for it exposed a troubling lapse in basic physical security that should serve as a lesson for anyone with information governance aspirations.
The short of it is that we spend so much time worrying about unauthorized electronic access to our content that we sometimes don’t pay equivalent heed to the more corporeal risks that abound. For example, your organization may have implemented the greatest firewall, VPN, and sign-on protections possible to keep outside evildoers at bay. But has it done anything to keep people on the inside from, say, walking over to an unlocked workstation and copying stuff they shouldn’t onto a USB stick?
No one wants to believe that their employees would ever do such a thing, and in your case, perhaps they wouldn’t. But what about visitors to the office – do you require them to sign in and/or show an ID before entering? As a consultant, I sometimes run into situations where not only do I have to do those things, but I’m also obliged to leave my smartphone with security (or at the hotel) because it has a camera in it – and as we know, a picture of a computer screen or paper document can be worth a thousand confidential words.
As a matter of practical fact, most organizations have no real need to go to this extreme. But the question is one worth considering because of the focus it places on what may be the weakest link in your information security chain: the front door to your mansion.