Cyber Security Training & Software for Companies | MetaCompliance

5 Ways to Prevent Physical Security Breaches in the Workplace


Much is made of cyber security incidents, and rightly so. Cyber security attacks are prolific, with ransomware attacks against UK businesses doubling last year. But it isn’t just cyber attacks that a company must worry about. Physical security breaches are common and often linked to cyber security attacks.

Here are some of the most prevalent types of physical security risks and suggestions for preventing them.

Let’s Get Physical Security Breaches

The physical aspect of data security is part of a broader response to protecting your company. According to the Ponemon Institute’s 2020 Cost of a Data Breach Report, 10% of malicious breaches are caused by a physical security compromise. The report also points out that it takes 223 days to identify a physical breach and 69 days to contain it. The consequence is that the average cost of a physical data breach comes in at around £2.8 million, making physical compromises an urgent problem to fix.

Five common physical breaches are:

Problem: Unauthorised Access to Servers

Server rooms are the heart of an organisation’s network. They house essential business data, sensitive information, and backups, and contain expensive hardware. The server room is also a regulated area, with standards such as ISO27001 (security of physical and environmental areas) requiring that server room access is managed and secured. Physical access to servers and other computers is part of a broader information security management system (ISMS).

If a rogue or disgruntled employee or even a stranger can access a server room, they can do much damage. This includes physical damage to the servers, theft of critical equipment, and cyber attacks by setting up remote access to the server and directly installing malware.

Prevention of Unauthorised Access to Servers

  • Server rooms should have high-security locks that use integrated access control based on privileged access.
  • Biometric-based systems can help prevent physical breaches of server rooms.
  • Isolation of different servers and association of granular access rights can also help protect against a complete takeover of multiple servers.
  • However, these zero-trust and physical access controls must be backed up by Security Awareness Training of system administrators to ensure they don’t share ID cards or entry points with colleagues.

Problem: Tailgating

Tailgating, named after the bad behaviour associated with drivers getting too close to your car, is where social engineering meets the physical world.

The most infamous cases of tailgating were documented in the film “Catch Me If You Can.” The film told the story of Frank Abagnale, who spent many years impersonating people and getting into highly restricted places, such as the cockpit of an airplane.

You can read more about tailgating in a MetaCompliance blog post on tailgating, which can be an insidious and clever tactic that results in criminals gaining access to restricted areas in an organisation.

Tailgaters manipulate employees into allowing them into places that are usually restricted. For example, a criminal may pretend to be a contractor and use behaviour such as the tendency to be polite to encourage or even force an employee to open the door to the company.

Prevention of Tailgating:

  • Educate your workforce on the dangers of tailgating and how it is used to trick them into opening doors (both virtual and real) for nefarious persons.
  • Train your employees on how to tackle suspicious behaviour and ensure they understand how tailgaters manipulate them and take advantage of politeness.

Problem: Documents Left Lying Around

Documents and even post-it notes can contain highly sensitive information that can result in data exposure in the wrong hands. Printers are an example of the danger of physical security breaches. Employees who work remotely may send a document to a printer, intending to pick it up as they pass by the office, only to forget it or find that someone else gets to it first.

A Quocirca report into the print security landscape in 2022 found that 68% of respondents had a data loss associated with a print security issue.

Prevention of Documents Left Lying Around:

  • A clean desk policy is essential for reducing data loss due to poor document hygiene. Clean desk policies are also part of standards such as ISO27001.
  • Employee education on the importance of a clean desk and how carelessness can result in data loss is essential in managing the risk.
  • In addition, technological approaches such as robust user authentication to enable ‘pull printing’ ensure that any document printed is only released when the person who authorised its print-out is there to pick it up.

Problem: Stranger Danger

Unaccounted-for visitors are neither good for cyber security nor physical security. A Health and Safety Executive (HSE) report on violence at work found that strangers were the offenders in 60% of cases. Physical breaches by strangers can result in a risk to computer systems too. Strangers can steal expensive hardware such as phones and laptops, putting the data on those devices at risk of exposure.

Prevention of Stranger Danger

  • Make sure that your workplace has processes and systems in place to reduce the likelihood of an unauthorised person entering the building.
  • Simple things such as ensuring that doors are kept locked are important.
  • Swipe card access for employees and a visitor entry system with logged entry and exit are essential for any business.

Problem: Lost/Stolen Employee IDs

Many of the dangers associated with physical breaches rely on access controls. Many companies now use employee IDs associated with a biometric entry. Still, even these are only effective if an employee respects the constraints of the access limits set by the organisation. In other words, employee ID systems depend on an employee using them correctly.

Unfortunately, employees who do not understand the importance of privileged access may offer a colleague the use of their ID or even offer to swipe their fingerprint or other biometric to enable access. Criminals who use social engineering tactics also take advantage of this wish to help others, encouraging employees to let them into restricted areas.

Prevention of Lost/Stolen Employee IDs

  • Security Awareness Training on the importance of employee IDs is essential in tackling employee ID and access abuse.

Round-Up of 5 Essential Methods to Prevent Physical Breaches:

  1. Ensure all employees are trained in the types of physical security breaches.
  2. Use robust access control systems for server rooms and other restricted areas and limit access on a need-to-know basis.
  3. Set up processes and systems to monitor movements in and out of the building.
  4. Keep a device inventory. You can use this to cross-check against any potential lost or stolen devices to deal with the consequences of potentially exposed data quickly and within regulatory requirements.
  5. Ensure that security policies reflect potential physical security breaches. Include the processes needed to handle a physical breach and its consequences.
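
One way to put the logged entry and exit records from item 3 to work, as an added example that is not MetaCompliance's code: the script audits a door log for repeat entries and exits without entry, the traces left by shared ID cards and tailgating, and lists badges never signed out. The log format, badge IDs and door names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample log (assumed format): timestamp, badge id, door, direction.
SAMPLE_LOG = """\
2024-03-04T08:01:12 E1001 main-door IN
2024-03-04T08:03:40 E1002 main-door IN
2024-03-04T08:04:05 E1001 server-room IN
2024-03-04T08:30:00 E1001 server-room OUT
2024-03-04T09:15:27 E1002 main-door IN
2024-03-04T12:00:03 E1003 main-door OUT
2024-03-04T12:10:00 V0007 main-door IN
2024-03-04T17:45:10 E1001 main-door OUT
"""

def audit_badge_log(text):
    """Return (anomalies, still_inside) for an entry/exit log."""
    inside = {}      # (badge, door) -> time of the unmatched IN
    anomalies = []   # (badge, door, kind, timestamp)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, badge, door, direction = line.split()
        when = datetime.fromisoformat(stamp)
        key = (badge, door)
        if direction == "IN":
            if key in inside:
                # Second entry with no exit in between: the card was lent to
                # someone, or the holder left earlier without badging out.
                anomalies.append((badge, door, "repeat-entry", when))
            inside[key] = when
        elif direction == "OUT":
            if key not in inside:
                # Exit with no recorded entry: the holder got in unbadged,
                # for example by following a colleague through the door.
                anomalies.append((badge, door, "exit-without-entry", when))
            inside.pop(key, None)
        else:
            raise ValueError(f"unknown direction in line: {line!r}")
    # Badges with an unmatched IN at end of log (e.g. visitors not signed out).
    return anomalies, sorted(inside)

if __name__ == "__main__":
    found, remaining = audit_badge_log(SAMPLE_LOG)
    for badge, door, kind, when in found:
        print(f"{when.isoformat()} {badge} {door}: {kind}")
    print("unmatched entries at end of log:", remaining)
```
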
