Go to:

December 2018
< Nov Jan >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Physical Security for Small Business
Tuesday, October 10, 2017 7:00 AM

Events in April of 2017 at a major U.S. university remind us that physical security lapses can result in the compromise of sensitive data. In that particular event, the theft of a backup hard drive from a safe led to the exposure of the personal information of participants in various research studies taking place at the school.

Furthermore, in a recent blog on, Ola Lennartsson with Axis Communications asserted, “For a long time, physical security was strictly analog… but now that IP-based security systems are becoming the norm, with all the associated benefits, [security teams] need to be aware that the game has changed.” 

BizTech Magazine offers a few important points regarding physical security for small businesses: 

  1. INSTILL A CULTURE OF SECURITY. This starts with building a security culture and employee awareness.
  2. INVEST IN SECURITY GATES AND DOORS. This can include limiting access through control of security access cards or smart locks.
  3. MONITOR YOUR SYSTEMS AND SPACE. Placing security cameras at important points in the office, and having access to the live feed and recordings.
  4. GETTING ALERTS WITH ALARMS. Selecting an appropriate alarm system for your business that will notify of intrusions, and offer the use of individual access codes.
  5. FOCUS ON THE SERVER ROOM. If your servers are located in a closet or small room in your facilities, investing in a security gate is significantly less expensive that the potential costs of unauthorized access.

Additionally, a printable poster from the Department of Homeland Security and Stop.Think.Connect. contains some great tips. Hang the poster at your business as a reminder to employees that physical security is a company-wide effort.

A risk assessment is required, per NCUA Regulation 748 Appendix A, which states that a credit union must have a risked-based Information Security Policy and Program, to include the following elements:

  1. Physical security
  2. Administrative security
  3. Technical security

Learn more about Credit Union Resources Technology Consulting and Compliances Services here. For information on completing an information security risk assessment that is compliant with GLBA and the NCUA, contact Idrees Rafiq at or Deana Brown at

Resources Referenced:

This information has been provided to Cornerstone Credit Union League for Cyber Security Awareness Month, and is used with permission from the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO), whose mission is to advance credit union-specific cyber resilience in a strategic and collaborative partnership.