Cyber security matters - #1 physical security
Posted on behalf of: Better Sussex
Last updated: Thursday, 15 February 2024
As part of our cyber security awareness campaign, we’ll be covering a new and important topic each month to help boost your knowledge and keep you and the University safe and secure.
This month we’re talking physical security – a critically important tool to help mitigate cyber threats.
What is physical security?
Physical security in its broadest sense refers to the protection of people, property and tangible assets from physical actions and events such as fire, flood, natural disasters, vandalism, terrorism and theft.
When we talk about physical security in the context of cyber security, we are referring specifically to minimising the risk to information systems and data.
Case files - a real world example
Whilst much of our attention is often focused on cyber-attacks initiated electronically, it's easy to forget that portable data storage devices represent a big cyber security risk too.
USB sticks, laptops, external hard drives and other similar devices are extremely vulnerable to loss or theft – particularly when taken outside the confines of an organisation’s own premises.
In 2017 for example, a USB stick containing 2.5GB of data, reportedly including locations of CCTV cameras, tunnels and access to restricted areas for Heathrow airport was found lost on a street in west London.
According to reports it contained files revealing information such as security measures used to protect the Queen at the airport, the types of ID needed to access restricted areas and the locations of CCTV cameras and tunnels linked to the Heathrow Express.
As well as the danger of lost devices, hackers can also use hardware like an infected USB stick to gain access to an individual or organisation’s systems.
Once plugged into your device, an infected stick can be used to install malware which can take control of your computer, upload files, track browser history, infect software and even provide a hacker remote keyboard control. In many cases the problems can’t be patched, infected files can’t be cleaned, and the infection is almost impossible to detect.
Source: The Guardian
How can I minimise these risks?
As tempting as it is, if you find a USB stick or similar device lying around, don’t plug it in, hand it in to ITS who can help check to make sure it’s safe.
Never trust unfamiliar drives, scan the ones you do use regularly and take advantage of security options like passwords, PIN keys and data encryption.
Awareness of the tactics that cyber attackers use, coupled with solid hardware and software security will help you to stay free of any nasty digital infections.
How to learn more
Each month to support these articles, we’ll be releasing a matching bitesize training via Proofpoint, our online learning platform. This month’s update will arrive in your email inbox on Tuesday 20 February.