
Cybersecurity starts with strong physical security. Lapses in physical security can leave your business exposed to identity theft or data breaches, resulting in serious consequences.
Consider these scenarios:
- An employee leaves a flash drive on a café table. When they return hours later, the drive—containing hundreds of Social Security numbers—is gone.
- Another employee throws stacks of old company bank records in the trash, where a thief finds them after business hours.
- A burglar enters your office through an unlocked window, stealing files and computers containing sensitive business information.
These scenarios show how simple physical security measures could have prevented a serious incident. Below are practical steps to protect your equipment, paper files, and data.
How to PROTECT equipment and paper files
Sensitive information is not just digital—it’s also found on paper or stored on physical devices.
Follow these steps to protect it:
1- Store securely
- Keep paper records and electronic devices with sensitive information in locked cabinets or rooms.
2- Limit physical access
- Allow access to sensitive records or devices only to employees who need it.
3- Send reminders
- Remind employees to:
  - Store files in locked cabinets,
  - Log out of company networks and apps,
  - Never leave sensitive files or devices unattended.
4- Keep stock
- Track all devices (e.g., laptops, point-of-sale systems) that store customer information.
- Only keep the data you need and regularly review who has access to it.
How to PROTECT data on your devices

Even with strong physical security, theft, loss, or accidental misplacement of devices is always a risk. But you can minimize damage by ensuring the data on those devices is protected.
1- Require complex passwords
How to set up a strong password?
2- Use multi-factor authentication
- MFA adds an extra layer of security by requiring a temporary code or physical key along with a password.
What is MFA? How is it useful?
3- Limit login attempts
- Set a limit on the number of incorrect login attempts to prevent unauthorised access to devices.
4- Encrypt
- Encrypt laptops, flash drives, and other portable media containing sensitive information.
- Use encryption for any sensitive data sent outside the company, such as to accountants or shipping providers.
TRAIN your employees

Your employees play a key role in maintaining strong security. Regular training and reminders will help reinforce these habits.
1- Shred documents
- Use a shredder to destroy paper records containing sensitive information.
2- Erase data correctly
- Use specialized software to permanently erase data from old computers, mobile devices, and copiers. Simply hitting “delete” won’t fully remove the file.
3- Promote security practices in all locations
- Security practices shouldn’t stop at the office. Encourage employees to follow the same precautions when working remotely or traveling.
4- Know the response plan
- Make sure staff know exactly what to do if a device or file is lost or stolen, including who to notify and the next steps to take.
Remember, cybersecurity isn’t a one-time task—it’s an ongoing effort. By following these physical security tips and training employees to adopt good practices, you’ll build stronger defenses against potential threats.
Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!
*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).
——————–
We at APIS Consulting can help you improve your cybersecurity knowledge and IT security procedures. If you need training or a cybersecurity audit, or want to strengthen or outsource your IT security, you can get in touch with us via email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QR code below.


Antoine Pilarczyk founded APIS Consulting in 2021 to help companies in China improve their cybersecurity awareness. He is a certified ISO 27001 Lead Auditor and Lead Implementer.



