Physical protections that can prevent cybersecurity risks
The physical security of our devices has the objective of keeping our information safe by incorporating a series of protection measures that go beyond installing an antivirus. From keeping our computers monitored, to establishing protections against access to information by third parties, in the following article, we will delve into this field of cybersecurity and its impact on the user.
The physical security of our devices aims to keep our information safe by incorporating a series of protection measures that go beyond installing an antivirus. From keeping our computers monitored, to establishing protections against access to information by third parties, in the following article, we will delve into this field of cybersecurity and its impact on the user.
When it comes to cybersecurity, most of us will think that efforts to keep cybercriminals at bay will be focused on applying protection measures linked to software, such as antivirus and acquiring good habits when browsing the net to avoid risks.
However, there is another fundamental branch within cybersecurity that has the objective of protecting the physical security of our devices at 2 levels:
- Hardware protection: are those protection measures designed to maintain the integrity of devices, peripherals (hard drives, USB, etc.) and hardware, that is, the set of physical or material elements that make up our devices.
- Data protection: the objective of cybercriminals is usually to obtain information, not the destruction of the device itself, so it is essential to apply protection measures that affect the transmission and storage of this data.
In this way, through a series of good practices and physical protections, it is possible to prevent third parties from having access to our devices and the information stored on them.
If you have questions about the concepts explained, remember that the INCIBE cybersecurity helpline is available, the free and confidential number 017, which you can call to solve your problems.
What types of incidents are related to physical security?
Physical security incidents are many and varied and, as we have already mentioned, are related to allowing third parties with malicious intent to access them.
From a laptop out of sight and unlocked, to a lost USB device are just the beginning of what can end up being a serious incident for our security and privacy.
Threats to physical security are organized as follows:
- Physical access. If a third party wants to attack our system or steal information from our device, if they have physical access to it, the chances of success will multiply.
For example: if we are writing an important email from our laptop, while travelling by train for work, and we are not careful to block it when we get up to go to the bathroom, we run the risk of a third party having access to our device. From this point, the risks are many, from reading the content of the email or other emails to the modification of information, the theft of data or, even, the infection by malware through a USB device.
- Physical integrity. Sometimes, the protection of our equipment does not consist in defending it from possible attacks or manipulation by third parties. Sometimes, the protection lies in maintaining the physical integrity of our devices and protecting them from possible shocks, falls or damage caused, in many cases, by mishandling or improper maintenance. After all, these are often delicate devices that require special care.
For example: imagine that we are conscious users and we like to create backup copies of our data every so often. To do this, we have a hard drive where we store photos, important documents and other sensitive files. But, due to a mistake, we misplaced the hard drive, it falls off a shelf and ends up hitting the floor. This is an accident that can happen to anyone, but it can render this storage device, and it’s content unusable.
- Information exhibition. These are those situations in which, due to lack of good practices or misunderstandings, information leaks or losses occur where we are responsible. It is common for us to use physical elements to store or record certain information, such as a notebook with passwords or a calendar with contact information, appointments and other sensitive information. Or, in other cases, we end up publishing and exposing them on the web, through social networks. Unfortunately, we are not always aware of the consequences of this data ending up in the wrong hands, and we do not carry out adequate protection measures.
For example: suppose, to combat bad memory, we decide to use a post-it on our laptop with the username and password of our email. Inadvertently, we are making the job of any cybercriminal or the malicious person who, with a glance in a public place, could use the credentials to carry out a cyber attack.
These are, as a general rule, the most common types of threat that our security and privacy face. However, physical security encompasses much more, including natural disasters and device theft.
[Also Read: 5G TECHNOLOGY AND CYBERSECURITY RISKS]
How can we protect ourselves?
The protection measures linked to physical security are many and depend largely on the context and the device we want to protect. Also, although many of them are highly effective against attackers, they must be compatible with other measures that are not directly related to physical security, but that maximize the protection of our security and privacy:
- Avoid leaving information or personal data given everyone, such as credentials or emails.
- Lock the device once we have stopped using it or if we are going to be absent momentarily.
- It is important not to lose sight of our devices at any time. Especially if we are in a public place and, through carelessness, we run the risk of losing it or having it stolen.
- Store our devices or those storage devices that contain sensitive information in safe places, without risk of shocks, falls, or near liquids and without extreme temperatures. This is a good practice to prevent the devices and the information they store from being damaged.
- Make backup copies every so often. Although it is not a protection measure against physical attacks, it is a good practice that will minimize its consequences.
- Device encryption is another handy protection measure that will prevent a third party from gaining access to our files and personal information in the event of loss or theft.
- To avoid possible attacks and infections through USB devices, it is advisable to configure our equipment to prevent this type of devices from executing itself and carry out an analysis of them using the installed antivirus.
- Ultimately, it is highly recommended that we install anti-theft or lost apps on our devices.
In conclusion, physical security threats constitute a significant risk to our computers and the information stored on them. To avoid this, remember to follow the publications on our website and apply the protection measures that you will find on it.
Do you miss any measure of physical protection? Do you think you have your devices protected? Share your opinion and experiences with the rest of the users and keep up to date with the OSI publications on cybersecurity to be able to enjoy the advantages of technology.