Welcome to the Inside Secure-IT series of articles. Inspired by an alert from the US-CERT at the beginning of October describing the threat posed to MSP's by hackers and other ne'er-do-wells. Our response, a comprehensive series of posts that takes a look at what we do at Lighthouse IT to keep your company data secure both on and offsite.
Network security starts at the physical level
There is a lot of worry about network security these days. With hackers trying to steal private information we have implemented various security measures to try and deal with them like firewalls, anti-virus programs, and long complex passwords. However, there is an equally important layer of security that most people do not consider when trying to protect their servers, and that is the physical security. Even if you were to make your server as hacker proof as possible that would hardly matter if someone was able to simply walk up to your server and tamper with it.
DOORS, LOCKS, AND SURVEILLANCE
There are several steps you can take in order to secure and protect your servers, one of the first being to keep it in its own room. Of course, a room alone only provides so much protection, but there is plenty you can do to make that room more secure, the most obvious is to lock the door. Specifically, a single full door as opposed to a door and windows because in order to raise security you will want to limit the number of entrances to your server room. This limits the number of ways people can break in. There are also various types of nonstandard locks you could use such as keypad, card scanner, or even finger print scanners. Surveillance is also important as it can allow you to catch people as they attempt to break in, granting you the chance to stop them. While surveillance usually means security cameras, it is not limited to simply that method. You could also employ the use of devices like motion or sound detectors and loud alarms.
You should also limit the number of people who have “keys” to open said locks. This can include actual keys, or just codes to a lock. Ideally, you should only be giving them to the people who would need direct access to the server room. Granting only those that need access, like IT admins and business owners helps cut down on problems that may arise later. We have seen entire companies brought down because an employee unplugged the main power because the server fans seemed too loud. This obviously is a bad idea, but they may have had issues in server closet permission access and possibly even simply understanding the importance of these servers and their functions… But that is another topic entirely.
Unfortunately, people (both malicious and ignorant) are not the only thing that can threaten your physical servers. Nature, ever indifferent to your problems, can also be a threat. Unfortunately, there is only so much one can do to defend against natural disasters. A good step would be to fire proof your server room as much as possible. You could even go as far as installing a sprinkler system in that room and ensuring that you have a waterproof server cabinet. The most common problem that natural disasters cause though is a power outage. Thankfully there is rather good protection against loss of power, specifically surge protectors to prevent the circuitry from frying and uninterrupted power sources (UPS) to keep your server running even when the building does not have power. The best defense though, is to have a backup offsite. So, backup often!
THE ULTIMATE SECURE-IT CHECKLIST: STAY AHEAD OF THE SECURITY THREATS!
Protect your company's well-being. The best defense is an aggressive offence. Be active in securing your data. Passwords, networks, backups, mobile-devices, etc. are all critical places that a company cannot afford to have compromised. Follow each item and make sure you meet top security best practices.
WHAT DO WE DO?
Here at Lighthouse IT Solutions, physical security is just as important and digital security. We house our network gear and servers in a separate, locked room from our main office and only few people in the company have direct access to the servers. We have surge protectors in place as well as an uninterruptible power supply. Datto, our backup provider, handles all of our offsite backup needs and we have scheduled them to ensure we do not loose too much in the event of data loss.