Physical security is an essential factor in the university’s strategy to protect its data from cybercrime. University data includes information about every student and employee, where the level of sensitivity ranges from unrestricted web content such as class schedules to ultra-sensitive data such as social security numbers. NC State must address all cybersecurity risks, even physical space.
Here are some basic security considerations to think about when creating physical spaces on campus:
- How sensitive are the assets being collected, processed or stored in the facility?
Do any documents include data such as social security numbers, FERPA data, HIPAA data, or bank accounts?
- What functions will be performed in the facility?
Do operations warrant open workspace or individual offices?
- Where are all entry and exit points and is there a need to control access?
Is card access or a lock and key needed to control entry and exit points to space where sensitive data is kept?
- Is there a need to secure people, servers or IT infrastructure, physical files, printers, copiers, faxes, and document disposal in specific areas of the facility?
Will documents containing sensitive information be printed or received by fax in a publicly accessible or shared space? Consider designing a secure and separate room for servers, printers, copiers, fax machines, and files to limit unauthorized access.
- Does the facility have unintended access points that could result in a security breach?
Does the facility have drop ceilings, windows, raised floors, or walls that do not meet the ceiling?
- Consider the external area; is it safe and conducive to all activities the physical space needs to support?
- If the facility is located in a high-crime area, are personnel or customers required to enter or exit the facility during late nights or early mornings?
- How will you protect the people and the data they possess?
- Considerations include proximity of overnight parking to main entrances, parking-lot lighting, and cameras.
- What additional safeguards can you incorporate to protect the data, servers and people should physical security be compromised?
- Consider hiring a security guard for overnight building access.
- Use multiple layers of security such as locking file cabinets within locked offices. Also, it may not be necessary to continue to store all information. Secure data disposal can reduce the impact on your department and the university.
- See the Office of General Counsel’s Records Retention web page for details.
All too often, physical security is not considered from the user’s perspective, which often results in security issues being overlooked until an incident occurs. In some cases, a single incident can end up as a high-profile security breach that damages the university’s reputation and costs several million dollars in fines and legal expenses.
It is up to every NC State student and employee to consider how secure their physical surroundings are and raise concerns to someone who can address them. If your organization has a security liaison, start there. You may also contact the NC State Help Desk at firstname.lastname@example.org or 919.515.4357 (HELP).