So, what do we do when it comes to our phones, laptops, tablets? How many times have we left our portable devices unlocked, on a table in a café, or at work? Waiting in line at the supermarket, or in front of a busy ATM, we exchanged sensitive data through a chat application, while a stranger is "breathing down our neck"!
By gaining unauthorized access to our devices, criminals have the potential to endanger our physical environment as well - our home address, close people we communicate with daily, our bank account, and even our detailed calendar can be found very quickly and easily (of course, if we are using one).
Physical security (including access to our portable devices) encompasses many aspects of protecting our (often immediate) environment. Of course, it is in that environment that we work, live, enjoy the privacy of our own home, and so on. Therefore, almost all our devices, through which we exchange information and documents, send emails, our TV, smart refrigerator, etc. - belong to the domain of physical security, because they themselves are - physical devices. Why physical security and safety, and how is it related to cyber security?
Simply put - without physical security, we can’t have cyber security. Namely, our user accounts can be perfectly set up, we can utilize correct settings for safe browsing, use the latest antivirus software, as well as an active VPN, but all this can be in vain, if (literally) we leave the front door unlocked!
Hackers, in that case, will not bother with our accounts or network access at all, and spend time and money trying to break into your protected digital systems - they will attack where the defense is weakest, or in our example - through the unlocked front door, while you are in a nearby supermarket. If the criminal gets physical access to our devices, he or she can provide permanent access to our device via hardware (e.g., infected USB), or install a hidden camera / microphone, after which he or she will observe us and wait for the ideal opportunity to strike again. Unfortunately, a huge number of institutions, businesses (especially small and medium enterprises) are not built with physical security in mind. When designing the space, it is very rarely that we consider the possibilities of access (entry / exit), the "dead" corners of the security cameras (if any), or simply where we keep the keys (and copies of them) of the front door. All it takes is a little carelessness, and a forgotten open window overnight, for the security of our institutions / organizations, and even the privacy of our home, to be seriously violated.
So, what can we do about these so-called simple forms of threatening our security?
For starters, we can learn a lot from institutions and companies that take their security (including cyber security) seriously, such as state ministries, foreign consulates and embassies, and banks. Of course, there is no logic or need for our home to be as safe as the nearby embassy, but that should not deter us from taking some basic steps, and building habits for increased physical security, which, in turn, will offer basic preconditions for solid cyber security in our home or office.
It’s true, any lock can be broken. There are people for whom breaking locks is a passion, and a kind of hobby. Of course, the complexity of the lock can significantly complicate the process and increase the time it takes for a criminal to gain access to your home, but the most important thing here is - it is better to lock with any lock, than not lock at all. The key is the lowest technological solution for the security of a given area from unauthorized access - but at the same time it is the cheapest and the most widespread solution.
Although sometimes a criminal will be able to break the lock, not all criminals have the patience and skills to break through a simple locked door quickly. Remember, your car, your home, probably your offices, your university - everyone may be using an alarm system - but no one has thrown away their "ordinary" key and lock.
2. Cameras and alarm systems
Ok, you close the windows regularly, and always are careful to lock the doors at home, especially when you plan to be away for a longer period. As we have seen, there are criminals who can easily enter your home, despite the good locks. What can we do next?
Physical security (as well as cybersecurity) works best when it consists of several layers, or, several measures that do not depend on each other, and form the security perimeter of the space you want to protect. If someone manages to unlock your front door (and you are not at home) what could be the next step, or the next layer of defence, in that case?
Cameras and alarm systems are often seen in busy locations, supermarkets, banks, and institutions. In addition to their more obvious, presumed purpose (recording motion, making loud noises when unauthorized access is detected, etc.), these mechanisms have another, subtler function - they deter potential criminals by their very presence. Very often, criminals will explore a certain area (bank, entrance from an apartment building, etc.) analysing the potential risks of being caught. If they notice a clearly placed alarm system, cameras that follow multiple angles of access to the entrance / exit of the object, in many cases they will give up their intention – simply put, the risk of being caught then becomes too great.
We could utilize the same tricks in our home and office. The placing of so-called fake or dummy cameras are sometimes enough to deter a good number of criminals from even taking your location into account. Alarm systems, with clearly marked motion sensors and warning stickers, will also make your private space too risky to break into.
3. Curtains and blinds
Sometimes, simply observing potential victims, through their windows and glass surfaces, is all that criminals need to plan their attacks. Especially attractive are the large houses with yards, which are "decorated" with quite large windows that allow you to literally "peek" into most rooms of the house. With simple walks, or cheap binoculars, criminals can accurately see if someone is at home, and plan their attack accordingly.
Fortunately, protection from such "reconnaissance missions" can be very simple - use your blinds and curtains. When someone from outside does not have easy access to what is going on in your home, it does not mean that they will turn away from the intention to try to enter - however, the lack of additional information about the movement of owners, whether they are at home or not, affects the risk of the whole operation. Sometimes, too much time spent in the dark can be a factor in increasing the attractiveness of your home - you are probably on vacation or on a long trip. In that case, make sure that from time to time, at least some of your room lights are switched on and off at regular intervals. Also, the use of spotlights with motion sensors, especially covering access paths to the entrance / exit of the home (if applicable) can significantly affect whether your home becomes a target. No one wants to break locks sitting under a spotlight, easily visible to the whole neighbourhood, and will probably quickly give up their intention.
4. While travelling – physical device security
Our smartphones, phones, laptops are already part of our personal luggage, so wherever we go - they go. Whether it is our usual home-office-home route, or a longer vacation, our portable devices are exposed. So, what are the simplest measures we can take to deter bad actors?
First, make sure your devices are always close to you. Whether left alone to charge (switched off) or planning to quickly run to the bathroom - try to never leave your devices unattended. Every time you drop your laptop or phone out of sight, it can create a potential opportunity for someone to try to break in, for example, by inserting an infected USB stick while your attention is focused on something else.
If you absolutely must leave the devices somewhere (for example, in a hotel room) make sure that they are locked with a password (even better - completely turned off), and are not exposed in a visible place, i.e., if possible, lock them in drawers, safes, or simply cover them so that they do not attract unwanted attention. Also, avoid giving them to strangers to use without your direct supervision - a little carelessness can cost you a lot, and your data can be lost or compromised!
Bonus: if you absolutely must leave your laptop (hotel room, conference room, etc.), turn it off and close the lid. Then, place a few objects on top of the lid- such as a headset, mouse, etc. – and take a photo of this "arrangement" with your mobile phone. That way, when you get back from your lunch break, you will have a photo with which you can compare the arrangement of things - and you will find out if anyone has tried to open your laptop!
5. While in a public place - watch out for curious glances and photographers
The rights and obligations within the privacy of our home end as soon as we step out of it. The responsibility to protect our property (including portable devices) takes on completely different dimensions when we are in a public space (cafe, square, bank, etc.). Therefore, we must be very careful how we treat the safety of our immediate physical environment - and how we deal with sensitive data when in public.
Sometimes it happens that we are in a public space (concert, queue in front of an ATM, etc.) and have an urgent need to communicate private data with someone over the phone or laptop. Most people do not worry too much about security when sharing private information about themselves and others, so we often see people literally shouting their ID numbers, debit card PINs, home address, etc. For someone with bad intentions, this data can be a treasure trove - with a little luck and creativity, they can access someone's bank account, digital user accounts, or even access your phone or laptop.
Protecting yourself from such potential side effects is quite simple. Whenever you must enter your PIN or password to get a service or make a payment, make sure no one is "overly curious" about which characters you are entering. Also, be careful when unlocking your portable devices in a café - someone sitting at a table behind you can easily recognize which characters you typed on the keyboard, and even record the whole process, for easier (slower recording) identifies your passwords!
Do not feel pressured to enter your PINs or passwords immediately while in a public place and ask for minimal privacy. Whenever possible you should have all these components in place for launch to maximize profits. This includes giving out someone else's personal information - ID numbers, health history, etc. to our loved ones, unfortunately, they are often shared almost unreservedly, not considering who is "listening and watching".