Published April 15 2025
Cybersecurity extends beyond the digital realm. Although much of cybersecurity focuses on digital issues, like preventing devices being hacked or avoiding phishing attempts through emails and other digital messages, physical security is a crucial aspect of keeping digital devices secure. Theft, infiltration, eavesdropping, and contaminated devices can be just as effective as hacking for cybercriminals and other cyber threat actors looking to obtain data or break into systems. Three key avenues for physical attacks on our cybersecurity are infiltration of secure spaces, theft of laptops and cell phones, and planting of contaminated USB drives or other data storage devices. Countering these threats requires both effective workplace security policies and alertness in our professional and personal lives to identify, prevent and report physical threats to our cybersecurity.
Gaining unauthorized access to secure spaces can allow cyber threat actors to tamper with workplace devices, attempt to hack into systems, eavesdrop on employees to steal confidential information, or steal devices like laptops and phones. Most businesses have some way of controlling who accesses secure areas containing sensitive information and computers used by staff. These can include locks on entryways, security guards or security cameras. To breach into these areas, cyber threat actors can use a variety of tactics, including “tailgating” behind company employees or posing as delivery or maintenance staff. Tailgating is a practice where someone follows close behind an employee and takes advantage of the employee opening a secured door to get through and follow them inside without needing a key, key card or other identification. This can occur even with people you know and who previously were employees, as you never know when someone may have been fired from a company and no longer authorized to access its secure areas. One way to prevent this is to ask people following you to scan their key cards or other ID prior to letting them in to ensure that your company has an accurate record of who has entered the workplace. Another tactic that threats will use to infiltrate the workplace is impersonating delivery or maintenance workers to access. One way to prevent this is to always confirm the identity of unexpected workers attempting to enter your workplace by contacting their company and confirming that staff are supposed to be at your office prior to allowing them in. It is also important to not tell delivery personnel any details about who may be present at your office or about the details of your security systems as this information could later be used to facilitate infiltration of the office during working hours or for a break in.
Theft of laptops and phones can happen anywhere, including at your workplace, at locations like coffee shops or during commutes on public transit. Keeping close control over your devices is critical to preventing such thefts. This includes keeping phones or laptops in view and not leaving devices in the open on tables or other surfaces when you step away from them. It is also critical to lock devices whenever they are not in use to reduce their value to any potential thief. A locked device is less attractive and useful for thieves as they can less easily enter the device and steal the information on it, use it for identity theft or take other malicious actions. Deactivating cell phones if they have been stolen is also critical as it can deny those who stole it the ability to access data on the phone or to use it. The procedure for deactivating a device and what can be removed through deactivation is dependent on the specific type of phone. These simple techniques can help guard your devices and eliminate opportunities for threat actors to steal them.
Another type of physical security risk is the usage of compromised devices, like USBs, by hackers. These devices can be loaded with viruses and malware and then planted in locations where they will be easily found by the employees of a targeted workplace. The hacker hopes that employees will find the device and plug it into one of their computers to identify it, allowing the malware on the device to invade their computer, and potentially the entire office network. This tactic preys upon the desire of employees to be helpful and identify the device so it can be easily returned. However, if you are aware of the risks, this issue can be easily countered by making sure to turn over any portable storage devices you find to the company’s IT department, who can open them in a secure manner that prevents viruses from infecting the company system. If you have any doubts about the origins of a device, taking this step is the safest option.
If you want to learn more about how to keep your devices physically safe and other cybersecurity tips, CyberMontana offers the Security Awareness Training (SAT) program. This low-cost program provides short monthly online lessons on cybersecurity to businesses and organizations in Montana. These interactive lessons cover relevant cybersecurity topics and help you build the skills and habits needed to stay secure in your work and personal life. The April SAT trainings focus on keeping your tech in check, expanding on many of the physical security tips offered in this blog. To learn more about the program, go to https://cybermontana.org/security-awareness-training. There you can learn program details, access a demo lesson about physical security and sign up you or your business for the program. Additionally, if you have further questions or want to determine if the program is right for you, contact info@cybermontana.org to get in touch with a member of the CyberMontana team. Happy April and have good in keeping your devices secure from physical threats!