Physical Access Landing Page
On this page:
- Overview
- How to
- Keep research data secure while traveling abroad
- Protect information being mailed/shipped
- Protect information in hard copy that may be in file cabinets or on desks
- Protect information while faxing/printing
- Restrict Access to Systems and Facilities Containing Medium or High Risk Information
- Store System Hardware in a Data Center
- See Also
- Have Questions or Still Need Help?
Overview
Information can be physically accessed when someone obtains hardcopies, has hands-on control of the devices which process and store data, or are present any place documents and equipment are kept. This includes exposure while traveling and using mail/shipping services. Considering who has access to information whether in data centers, public areas like a cafe or airport, an office or living space and validating recipients when information needs to be transferred are critical components of securing information.
Protecting paper files and media that contains information, particularly when they are often kept in file cabinets, on desks, printers, and fax machines or carried along in backpacks and notebooks becomes as important part of your information security plan as the controls that protect information electronically.
- For more information on how to classify and secure your data, see Information Protection @ MIT.
How to
Keep research data secure while traveling abroad
Consider how you will keep research data (paper or physical media) such as forms, field notes, observations, interviews, informed consents, etc. secure while traveling. This could mean taking precautions such as:
- Keep the information under your control at all times
- Physically separating consent forms from data
- Bring along prepaid, pre-addressed shipping envelopes to quickly send documents back to a secure storage location in the US
Protect information being mailed/shipped
- Do use an express service with tracking information and require a signature on delivery.
- Do use double envelopes for sending high risk information so information is not visible from the outside and also to deter tampering.
- Do use an established courier/delivery service
- While trendy local services may be more convenient, it's best to go the extra mile to protect high risk information to ensure it arrives to the intended recipient unexposed and intact.
Protect information in hard copy that may be in file cabinets or on desks
- Do maintain clean desk policy and keep high risk documents out of sight when not in use or when unauthorized individuals are in the vicinity.
- Lock cabinets when not in use or not in the vicinity.
- Lock office or doors for areas where high risk information is kept or stored, even if drawers and file cabinets have been locked.
- Do dispose of high risk documents with a secure shredding service- do not place them in regular trash/recycle bins.
Protect information while faxing/printing
- Don't leave high risk information on the fax machine, printer, scanner - make arrangements retrieve documents as soon as they are printed.
- Do make arrangements directly with the recipient when faxing high risk information to ensure they receive the fax as soon as possible
- Do use a cover sheet with a label indicating high risk and the intended recipient
Restrict Access to Systems and Facilities Containing Medium or High Risk Information
- "Piggybacking" and "Tailgating" with regards to physical security involves following an authorized person into a restricted area without presenting your own credentials for separate verification. Be aware of who follows you into secure areas.
- Card Services
- Card Access FAQ
Store System Hardware in a Data Center
See Also
- How do I protect my laptop while traveling?
- NIST Guidance on Physical Access
- SANS Article on Physical Security
- Infosec Institute Article on Physical Security in the Workplace
- SANS Clean Desk Policy
- ComputerWeekly article on Securing Documents Sent by Fax
- United States Department of Agriculture Methods for Mailing High Risk Information
Have Questions or Still Need Help?
- IS&T's Server Hosting Service: Contact the IS&T Service Desk