In order to strongly defend against a physical penetration, the target organization must teach its employees about the threat and tutor them how best to deal with it. Data thefts usually are not reported because the victim organizations try to evade bad press, in which situations the full extent of the threat is not experienced by the people handling the data.
Additionally, employees usually don’t understand the value of the data they handle. The mixture of hidden threat and unperceived value makes training in this section critically important for a successful policy and procedure program.
Maybe the only most efficient policy to ensure that an intruder is noticed is one that needs employees to report or investigate about someone they don’t know. Even employees at very large organizations face a regular group of people on a daily basis. If a policy of investigating about unknown faces can be performed, even if they have a badge, it will make a successful intrusion much more hard.
This is not to say that an employee should directly confront a person who is unknown to them, as they may really be a dangerous intruder. That’s the job of the organization’s security department.
Additional measures that can help decrease physical intrusions include the following:
• Key card turnstiles
• Photo identification checkpoints
• Locked loading area doors, provided with doorbells for deliveries
• Compulsory key swipe on entry points.
• Rotation of guest badge markings everyday
• Security camera systems