While most technical staff are fairly aware of security issues concerning services and operating systems, a blind eye is often turned to the physical security of machines housing your information. From perimeter security to locking down laptops, the physical aspect of information security should always be addressed. Remember, however, that physical security is rife with almost as many vulnerabilities as information security.

Mobile equipment is subject to added risks.

Laptops, being that they are mobile, are a potential source of all kinds of vulnerabilities. They are typically able to download all of your information and transport them to an insecure site, be it a home, another place of business, or a Starbucks. For this reason, whole-disk encryption is often recommended for not only laptops, but for all mobile computing devices which are permitted to house valuable information or may potentially house valuable information (like authentication cookies or cached pages). Popular tools include Truecrypt, which is completely free. CyberAngel is commercial software offered at a discount by software.rutgers.edu.

Equipment Locks should not be overlooked.

Put quite simply, valuable equipment in an area with public access or an area where many people have access should be locked down. This can done in any number of ways. Locks are fairly inexpensive and often post virtually no hassle to use. A tremendous amount of information data loss occurs when the equipment housing the information is simply picked up and taken away. These can be purchased from virtually any office supply vendor.

Physical perimeter security is the idea of securing whole areas from unauthorized access.

This is roughly the equivalent to putting a firewall at the front of your network. In order to prevent widespread access to particularly sensitive areas of your operation, employing perimeter security is often the answer. This can be as simple as locking the door to a machine room and forcing individuals to sign out the key, or as complex as a multi-site two factor authentication and authorization system securing areas with varied levels of access. Having access restrictions also allows an organization to keep track of who has attempted (either successfully or unsuccessfully) to gain access to an area. This has the potential to imply a certain amount of accountability.

Inventory control makes maintenance easier.

It can be hard to secure hardware you do not know exists or that you only believe may exist. A formal inventory can be thought of as an object-centric counterpart to perimeter security. Keeping track of your physical assets not only helps prevent losing them, but also assists greatly with assessing the current values and making assessments for future growth or evergreening.

Proper data disposal protects you from unknown  exposures.

If a hard drive is not already encrypted, disposing of it could be a hat trick. You may potentially be giving away a tremendous amount of information without even knowing it when equipment is sent off to surplus. Merely deleting files from a drive does not do the trick; the data can be easily recovered. Further, information which had been deleted a long time prior might actually still be on the hard drive as well! It can be very difficult to determine what may or may not be there. While there are software solutions which attempt scrub all information off of a hard drive, often the best solution is to simply destroy it when there is any suspicion. Depending upon the level of security desired, an entire range of colorful solutions ranging from sledgehammers to power drills may suffice.