In Part 1 of this Information Security mini-series, we looked at the printer. Today we are going to look at some of the technology that seemed like a good idea but is often neglected.
CCTV
We will start with the obvious – CCTV. Many offices and organisations have it installed for a range of different reasons and put up signs informing people that they are being recorded. I have used CCTV footage to prove or disprove stories whilst carrying out various cyber security investigations.
However, the systems are often neglected as a support contract seems a waste of money. Whilst carrying out IT and Cyber Security Audits I have found:
- Cameras that have never had the lenses cleaned.
- The systems are so old, that even though they work the images are of such low quality they are useless.
- The wrong time and date is being recorded.
- Just not working – the boss thought they were still an effective deterrent – which may be true, but it makes for poor evidence if an incident occurs.
Security Fobs
There are many of these little electronic devices – for gates, doors, bank accounts etc., and I find too many of them in unlocked desk drawers, or even worse lying on a desk attached to a set of keys. These devices are important, make sure if you entrust them to your staff that they know the importance of looking after them. Would they leave their car fobs or keys just lying around?
ID Cards on Lanyards
Take them off once you leave the secure area or office. Do not wear them in the McDonalds queue at lunchtime or on the train on the way home.
Next
We are going to look at the office network and how that leaks useful information to a threat actor, of employee who is fed up with you.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Devices and Cyber Security – A Primer | Smart Thinking Solutions
Photo by Victor Freitas