Three Offline Cyber Security Threats
There is a behavioral disconnect between how people perceive the value of physical objects, such as bars of solid gold, and the value of digital information, without which, many companies cannot stay in business. While most business owners conceptually understand the value of information, their behavior indicates otherwise.
For example, few businesses would store gold bars inside a room with minimal physical security in place. Yet, many store their data, the lifeblood of their business, on servers inside of rooms that can be easily entered by a skilled burglar. When physical security becomes the path of least resistance to this data, it's only a matter of time before criminals exploit the vulnerability. Valuable business data is subject to a number of offline cyber security threats. These include:
Poor Physical Security
The physical security of small businesses can vary from good to non-existent. Vulnerable windows and doors, the points of entry commonly used by home burglars, are similarly exploited in the case of businesses. This likely isn't the case for businesses such as jewelry or liquor stores, which keep valued physical goods. However, it's often the case for information based small businesses. A few easily picked mechanical locks are all that separate the thief from the company's data storage devices. Once inside, malware providing a backdoor might be installed in the computers or servers, or the hardware might be physically taken.
Improper Hardware Disposal
When old computers and other hardware are thrown away, the information within their hard drives is accessible to anyone who recovers the hardware from the dumpster. Deleting the files does not remove the data. Neither is it necessarily destroyed by smashing the hard drives. Current data-recovery technology can easily extract much if not all the data. This is the easiest way of stealing data, since theft of refuse isn't a high priority among law enforcement officers.
Disgruntled or former employees with viable login credentials can take important company or customer data. If such a person has insufficient security clearances for access to this data, she or he could sell or give the credentials to individuals with the skills to hack their way to the data. It's not uncommon for companies to keep outdated user accounts for months.
Just as offline techniques can be used to steal digital information, so can online techniques be used to steal physical goods, such as hacking into and compromising a security camera. Both physical and cyber security require a holistic approach that too few businesses embrace. For more information about cyber security, please contact us.