Business Security Information

If your business uses security cameras, recording is essential.  The recorded security camera feed can be used for a variety of purposes, especially after a business has been burglarized or robbed.  Currently, most businesses use a DVR (digital video recorder) to record their security cameras, but some still use time-lapsed VCR.  No matter which method you use to record your security cameras, what will prevent the criminal from taking the video tape or the DVR’s hard drive when they burglarize or rob your business?  If there is nothing to stop the criminal from taking the recorded security camera video, you should consider the use of lock boxes.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

This past month I have been working with a business regarding some physical security improvements, and one of those items was a security or intrusion alarm system.  It got me thinking about businesses that I deal with who usually ask me about why a certain element of security they have implemented, such as security systems, is not working.  Most of the time when I look at their particular situation, one or more elements of the security system does not fit their needs.  Usually this is not discovered until the system has been installed and paid for, leaving the business with a system that does not fulfill their needs and sometimes results in the system not being used after a period of time.  This results in wasted time and money for the business owner as well as poor or nonexistent security.

Lock Bumping, or “bumping” as it is sometimes called, has been around for the past fifty years and is a form of lock picking where a specially cut key is used to move the pins in the lock so the lock can be opened.  The key is made by cutting all cuts in the key to their maximum depth and is sometimes called a 999 key because the cuts are made to the maximum depth of 9.  The cuts can be made by using a hand file, but using a key-cutting machine speeds up the process of making a bump key.

What are Insiders?

I have read a number of articles related to the security issue of insider threats over the past month or two and thought it would be a good idea to cover that issue in one of my posts.  First, what is an insider–just an employee or more than that?  Insiders are more than just employees or staff and can include consultants, vendors, contractors, service providers and other that you deal with on a regular basis.  Insiders are dangerous because in your dealings with them, you have  probably given them access to your company’s network and/or business facilities.  This opens you up to all kinds of threats.

As a business owner, you must sometimes ask yourself this question when talking to an employee and maybe at times when talking with a customer.  How can you know if you should investigate further or if you should trust that gut feeling you get sometimes?  Well, Carolyn Finch recently had an article in CSO (Chief Security Officer) magazine covering body language and how to use it when looking for signs that someone is lying.

This is a mechanism built into the door latch which prevents the latch from being pried or pushed back into the door. If you look at the key-in-the-knob latch in the picture, you can see that it would be fairly easy to slip the latch open using a shim or what is also called a shove knife. These type of devices can be easily bought or made, and it usually only takes seconds to bypass the latch-type lock. A credit card can also be used on some latches.

Do you have any exterior doors at your business that have hinges on the outside, like the one in this picture? If so, you may be at risk for a simple break-in method. Even though the door is locked, someone can easily remove the hinge pins from the exterior-facing hinges and remove the entire door, allowing easy access. One way of reducing this risk is to use what are called “jamb pins”. Refer to this picture of commercial jamb pins to see what I am talking about.

Commercial Jamb Pins

In recent articles, I have spoken about PCI compliance and about security tools that can help you identify sensitive information on your computers .  While talking about PCI with a company recently and as I write these articles, I realized that there is enormous amounts of open-source software that can assist businesses in complying with some of the elements of PCI.  I have included a list of possible open source software that you might find useful when working on the different elements of PCI.  I use open-source software for a variety of elements in my business and personal life and find it comparable or superior in many ways.  Of course, there is usually a learning curve when working with any new software whether open-source or purchased.

In a recent article on PCI , I discussed the need to know what sensitive information your are storing or have on your systems.  How, then, do you discover or determine what sensitive information is on your computers and other endpoint devices?  An endpoint device is basically the starting point or final destination of all information or data going over a network.    They include, but are not limited to, laptops, personal computers, servers, network appliances, network-attached storage, or any other type of device that can connect to a network using wireless, Ethernet or a modem.  Depending on your network, this can include many types of devices which makes securing your information even more important.