Data breaches are most commonly associated with the online or digital world, where a large corporation or online entity suffers a hack, a system error or human error. These are the most widely covered data breaches in the news, and rightly so given the sheer size of some of them. Physical data breaches cannot be ignored, however.
For an example of a physical data breach, consider the Hong Kong Registration and Electoral Office, which reported that 3.7 million people had potentially had their information compromised due to the misplacing or loss of 2 laptops.
According to Shred-it, 51% of small business owners in the US admit that employee negligence is one of their biggest information security risks.
Most businesses still neglect physical security and do not realise that criminals can use social engineering to gain physical access to sensitive or personal data or expensive assets, so physical data breaches are very much a threat.
What can businesses do to ensure that they do not suffer physical data breaches?
ID Cards
Businesses can issue all their employees with ID cards carrying their name and photo as standard, plus added layers of security such as their employee number or a barcode or QR code that can be scanned to confirm their identity.
To increase security further, access control cards or fobs may also be used to restrict who can gain access to specific areas such as the server room or an archive room in their building.
Issuing visitor cards to any visitors instils confidence in the visitor and your employees that your business, assets and those occupying it are worth protecting.
Using passwords and encryption technology
Ensuring all employees have password-protected computers and devices is key should they fall into the wrong hands. Password management software such as LastPass allows users to create hard-to-crack passwords and stores them safely and securely.
Transferring data via USB stick can be a dangerous game to play, especially if the stick were to be lost. There are plenty of ways to transfer files from one machine to another without using a USB stick, such as wetransfer.com, which is a GDPR-compliant service.
Losing an unencrypted USB stick can be catastrophic; use USB encryption software to ensure that if it is misplaced, the data cannot be accessed.
Lanyards
Using coloured lanyards to identify and categorise employees by colour can be a cost-effective and organised solution for any business or organisation that does not wish to issue employees with personalised branded lanyards. With colour coding, you will be able to identify which employee belongs to which department or area, and it will raise questions if an individual with the incorrect lanyard, or no lanyard, is in the wrong place.
Combining lanyards with employee ID adds an extra layer of security if you were to ensure all employees were colour categorised to identify each department or area. By adding the identification on top of the coloured lanyard security scheme, this would deter any potential intruders from attempting to gain access to the building through social engineering.
Access control
Installing an access control system from the entrance of the building to the server or the archive room adds a layer of security that can be customised for every single employee to ensure that only authorised personnel can access sensitive areas of the building.
There is a wide range of access control solutions, the most common being contactless cards and fobs, swipe mag stripe cards or PIN/code entry key.
Ensure employees have received quality security and data protection training
Employee negligence can cost your business massively in potential financial fines and reputation. With your reputation tarnished, low consumer confidence can drive your customers elsewhere, such as to your competitor(s).
This can be devastating for some businesses and may even cause financial difficulties from potential fines and lack of cash flow.
Updating and issuing regular security training to your employees engages them and shows that you are proactive in protecting them and your assets.
Ciaran Walsh, works on digital marketing at ID Card Centre Ltd
He says “ID Card Centre have their own rules and procedures in place to comply with GDPR. Preventing a physical data breach is of utmost importance due to their own Bureau where a wide range of identity cards are printed, encoded or both with personal or sensitive data.
Multiple processes are in place to ensure all data received is processed securely, and then deleted once the data is no longer required.
Ensuring you use a reliable and trustworthy business that processes sensitive and personal data is essential.