While you may be inclined to spend
a lot of time and energy securing the IT systems in your business,
there are a number of things you can do inside and around your office
as an extension of your IT security. For small businesses, physical
security is an important part of the overall goal of maintaining information
security. If any experienced hacker is able to just walk up to your
machine, it could be compromised in a matter of minutes. Other risks
can come from the inside, from someone who might have access but
uses it maliciously. Damage could be caused by other mishaps, such
as inadvertently spilling coffee on equipment, or even fire or flood.
Fortunately, most threats can be avoided with some smart physical
security measures. Let’s discuss a few of those measures now.
What needs protecting
First of all, you need to think about what you have to protect and
whom you have to protect it from. Measures should be taken to physically
protect anything that has data on it. Take this time to mark computers
and components with identifying information, including your company
name and location. As you do that, you should also create an inventory
of the serial numbers of the computers and components so they can
be identified and recovered if stolen.
Place equipment in the safest place
Small businesses with their own servers quite often have their servers
residing in hallways, reception areas, or other publicly accessible
spaces. That does nothing to protect the servers from malicious
activity, accidents like spilled beverages, or having unprotected
cables out in the open, which makes them easy to trip over. It is
vital that servers are kept in a separate room with adequate ventilation
(preferably behind a single door) and definitely under lock and key. Along
those lines, hubs and switches should be kept behind locked doors
or in locked cabinets, with the cabling running through the walls
and ceilings so it is harder to tap. When finding a location for
important equipment, do not put it in rooms with windows. Windows
can be broken, forced, or accidentally left open.
On that note, position all monitors so their screens do not face
windows or open areas. It is also thought that light reflecting
off of walls can be used to recreate monitor displays, so
if you must sit by a window, positioning the monitor screen perpendicular
to the window would be best because it prevents any kind of visual
access from outside.
Who has keys?
Keep track of who has keys–employees, cleaning service, building
maintenance–and what keys they have. Do they all need the
keys in order to do their job? Keys to the storage closet and building
may be reasonable for some, but do they really need access to the
server room or the mailroom? If you know what everyone has keys
to, should a physical security breach happen you will at least know
who had keys to get in. And most importantly, make sure to get keys
back from employees and maintenance crew that are no longer going
to be on the job.
Protect your backups
You know that making backups is a great idea. Just don’t undo
all the good you’ve done by leaving the backup tapes out in
the open where they are vulnerable to accidental or intentional
physical damage or theft. Make sure you have a fireproof safe for
things like backup disks and other small valuables.
Passwords
Access to every PC should be password protected, and you are probably
aware that it is important that any passwords written out should
not be visible. However, if you have such a variety of passwords
that you must write them down somewhere, store them in a locked drawer
or safe, NOT under your keyboard or beside your monitor.
Remember to lock the PC
Every computer user should get in the habit of locking their computer
when away from it, even if it’s just for a few minutes. In
Windows NT, Windows 2000, or Windows XP, all you need to do is press
Ctrl+Alt+Delete, then "k" (the shortcut for the Lock button).
Other considerations
Of course, all the IT security measures on the machine to protect
the data are irrelevant if a thief’s goal is to steal a whole
machine or open it up and steal sensitive parts such as the hard
drive or other storage media. That kind of thief doesn’t even
care about the potential value of the data in the machine. For that
reason, you should always lock the CPU case. Most desktop and tower
cases have locking lugs that you can use to keep an intruder from
opening the case. And if you have a laptop computer, you need to
use a cable-type security lock to keep someone from stealing it.
There may be additional antitheft techniques built into your computer,
so consult the documentation that came with your computer to find
out more.
You might consider whether it's worth the expense of using a motion-sensor
alarm in the room where the computers or servers are located. In some
cases, you might find that security systems that cover the office
area may be a deductible business expense.
Every night before you leave the office, get in the habit of making
a visual sweep around to see that the fax machines, printers and
copiers are clear of business communications, everyone’s computers
are locked (or powered off), and all desks are clear of passwords
or other valuable materials. Most of these physical security measures
cost nothing, but they will give you peace of mind knowing you have
taken positive steps towards increasing your business’s security.