When I talk to businesses about their physical security plans, I hear the same thing, again and again:
“When I listen to the news, I hear about the proliferation of nuclear weapons…and I think, why should I install locks on my doors if North Korea has the bomb?”
“I wasn’t trained at the Secret Service academy, and I can’t afford to hire someone who was. My team is helpless against a sophisticated attacker. Why bother trying?”
“Have you seen those bank heist movies? If Robert De Niro ever came in here with a crew of super criminals, they’d clean me out. Security is hopeless.”
“I don’t bother locking the doors at night. If the Canadians ever invade, the whole block will be leveled by eight-inch howitzers, anyway. What’s the point?”
OK, not really! I’m making that up, of course. Every small business owner makes sure the doors are locked and the security lights are on before heading home for the night. Every responsible manager is on the lookout for suspicious activity. Every capable employee is ready to call the police if they find broken glass and rifled drawers.
But I DO talk to managers and small business owners who are ready to give up on network security before they begin because the threats seem too big and their knowledge feels too small.
It’s easy to be daunted by the prospect of keeping your networks secure.
Network security can be mysterious and inscrutable: What’s even going on inside those boxes with the blinking green lights?
It can seem impossible: How can you prevent malware if you don’t know how software code works? How can you avoid outside threats when you need access to the internet for even the most basic tasks?
It’s easy to assume that you don’t have the expertise to confront the dangers lurking outside. It seems like the tech guys are speaking a foreign language.
It may seem like you just can’t tackle network security. But trust me, you can.
If you are running a successful business, you’ve probably already thought about your plan for physical security. You have found a good system that works for you. You haven’t tried to turn your business into Fort Knox (or given up when that seemed impossible).
I bet you have a good, simple, Common Sense Security Plan:
• You’ve addressed realistic threats—not nuclear strikes.
• You’ve installed appropriate locks, indoor and outdoor lights, and a couple of cameras.
• You practice good control of your keys and what they access.
• You check the doors at night.
• You keep someone on duty in the lobby.
• You train your team to pay attention and look for anything out of place.
• You tell your employees to call the police if they are suspicious or feel threatened.
• Maybe you’ve developed a relationship with some professionals (a locksmith, a security consultant, the local sheriff) who can advise you when you are unsure.
None of that will protect you from infiltration by the Delta Force, and you’re trusting the Department of Defense to deal with foreign armies…but you’ve addressed 90-99% of your reasonable security threats, and you probably feel in control of your security.
With common sense and a positive attitude, you can address your network security, too.
Start with the basics:
• Regular Assessment of Relevant Threats
• Regular Assessment of Your Assets and Their Vulnerabilities
• Simple Training
• Common Sense Measures
• Vigilance as a Team Effort
• Access to Trusted Outside Assistance
With some basic training, a simple plan, and access to a few resources, your team really can address most of your business’s network security threats.
…and sometimes you just have to take a deep breath and trust that the Air Force can protect you from the potential hordes of Canadian bombers*.
*(As far as defense against Robert De Niro goes, just pray that he never targets you. That guy is scary!)
Randy Dewing is a physical and cyber security consultant at Lowmiller Consulting Group.