Physical Security in Disaster Recovery/Business Continuity Plan Scenarios
Many enterprises worldwide, both small firms and more prominent corporate entities—successfully switched to "work from home" during COVID-19, enabling them to go on even in the face of government-issued directives to "stay at home." “Non-essential” companies and services lost their storefronts and offices or reduced their workforce. Many organizations that weren't ready for prolonged times when their facilities would be empty or unattended have expressed worries about the possibility of thefts, break-ins, and other types of unlawful entrance. Here are some measures to keep your organization/property safe if all personnel are absent for an extended period.
External Physical Security Controls
Fencing with signage around the perimeter of the property to tell criminals that entrance into the premises is unauthorized and monitored.
Bollards to prevent vehicles from crashing into buildings/secure areas.
Motion or thermal alarm systems to alert when people enter the premises (Massachusetts Institute of Technology, n.d.).
Pick resistant locks, card readers, and cipher locks on entrance doors to stop low-skilled criminals from breaking in and to buy time to alert authorities.
Boarded/re-enforced windows on all first-floor windows to prevent criminals from easily breaking them to gain entrance.
Internal Physical Security Controls
Forced Entry Detection systems to alert monitoring teams if someone breaks into buildings.
Lock all doors inside buildings to slow down criminals from accessing secure areas.
Keep all sensitive documents/items in locked containers such as a safe to add another layer of security if criminals successfully break into buildings.
Put cable locks on all computers to prevent/slow down criminals from stealing them.
Only leave essential workstations/servers running and ensure all computers have login protections in place, full disk encryption, and remote wipe in case they are stolen.
Video surveillance/closed circuit television (CCTV) inside and outside buildings to provide monitoring and evidence in case of a break-in.
24/7 remote security teams monitoring CCTV to detect, report, and respond to break-ins.
Remote monitoring teams can validate alarms that automated systems generate. This prevents activating incident response measures and deploying authorities for false positives and can provide detailed descriptions of criminals and a series of events in case of an actual incident.
Come up with a plan(s) to respond to as many scenarios you can think of to train the remote security team and other vital personnel in the event of a break-in.
Have key personnel (other than the remote security team) on standby to respond to incidents.
Ensure key personnel has the contact information of all other key personnel and authorities to deploy incident response measures without hesitation successfully.
Insurance will cover damages inflicted to the organization whether the perpetrators are caught in the event of an incident or not.
Commercial property insurance protects owned or rented buildings and equipment used to run the business (The Hartford, n.d.).
Business income coverage is a kind of commercial property insurance that compensates a company for any income lost due to a business ceasing operations due to property damage from a covered loss (IRMI, n.d.).
The Hartford. (n.d.). Types of business insurance. Retrieved July 31, 2022, from https://www.thehartford.com/business-insurance/types-of-insurance
IRMI. (n.d.). Business income coverage. Retrieved July 31, 2022, from https://www.irmi.com/term/insurance-definitions/business-income-coverage
Massachusetts Institute of Technology. (n.d.). Red Hat Enterprise Linux 4: Security Guide - Chapter 1: Security Overview. Retrieved July 31, 2022, from https://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-en-4/s1-sgs-ov-controls.html