In the real estate industry, physical security breaches are the most common cause of information security incidents that damage a company’s reputation. So, physical security of data is actually as important – perhaps even more so – than the computer security issues people usually worry more about. Are you following best practices to ensure the physical security of your data? Ask yourself the following questions.
How secure is my office or building?
Your office building should have a door that doesn’t contain large amounts of glass. Windows should be hardened and should either be sealed or have hardware installed to limit how much they open. All glass on the building exterior should include glass-break sensors, as part of a monitored alarm system.
The alarm system should not be turned off and doors unlocked until several employees are present and can monitor visitors. If multiple employees have the alarm code, each should have an individual code for auditing purposes. Test your alarm system on a regular basis.
Consider installing inexpensive web cameras (webcams) on key entrances and hallways, in case an incident occurs.
Do we have separate visitor and employee areas?
Visitors should not have to pass through areas where employees (other than the receptionist) are working to get to your conference rooms or other “public” meeting rooms. The walls between public and employee areas should be reinforced and go to the ceiling. The door between public and employee areas should be a solid-core door and involve a physical key or badge. Visitors and third parties who need to work in the employee area should always be accompanied. If you have individual offices of higher sensitivity inside the employee area – for example, an HR office – keep those offices locked when unattended.
What you’re trying to do is to create what we call in the security industry “defense in depth” – layers inside layers of security, like an onion, where the most sensitive information has the most layers around it.
Are we handling sensitive information securely?
Employees should not leave sensitive information on their desks or in unlocked file cabinets.
There should be cross-cut shredders handy for employees to use to destroy information they do not need to maintain.
This next part is crucial: Computers, printers, and fax machines should be bolted or cabled to the office furniture. Laptop cables should be used to secure laptops during the day. Mobile devices such as phones and tablets as well as flash memory drives should either be kept on one’s person or locked in a drawer when not in use.
What about when I’m on the go?
Of course, sensitive information is not always going to be located in a secure office, especially when in transit. Consider a locking attaché case for sensitive documents and electronics, with easily findable instructions for how to return it to you if lost.
With a little care, you can make significant improvements to your office security and information security. Want to learn more? Looking for tips on securing data at your home office? A more in-depth guide to evaluating the physical security of your data is available on REALTOR Link®.
This is the second in a series of short articles here on CREA Café intended to help make the subject of information security more accessible – and understandable. We hope you’ll help raise information security awareness by sharing the articles within your office and through your own online community, as well. For more information on information security best practices for REALTORS®, Brokers, and Boards and Associations, please visit REALTOR Link®.
The article above is for information purposes and is not legal advice or a substitute for legal counsel.