Many organisations spend thousands of dollars on the right devices and software -- only to forget about securing the actual building that houses them. Mike Mullins offers some tips for beefing up physical security in your organisation.

Creating and maintaining a fairly secure network can cost a lot of money. Buying firewalls, intrusion detection systems, and antivirus and antispam software doesn't come cheap! And don't forget about training administrators how to operate and configure those systems and others in a secure manner -- all the security devices in the world won't help your organisation if your admins don't know how to properly use them.

But for most companies, the benefits gained in network productivity, increased public confidence, and the lack of legal fees help maximise the return on investment (ROI) for these costs. However, even with all of these devices and software in place and properly functioning, there are still areas of improvement that can mean an even bigger ROI -- specifically, physical security.

Don't overlook physical security
Many organisations spend thousands of dollars on the right devices and software, only to forget about securing the actual building that houses them. Remember: Even if no one can steal or corrupt your data over the network, they may still be able to walk out your front door with it.

Don't neglect physical security in your attempts to lock down data. For example, many companies have no established policy or defined best practices when it comes to bringing in personal laptops or storage devices, both of which makes it easy to siphon off data from your network. Let's look at some other areas of physical security that require your attention.

Develop an entrance and exit policy
Take steps to establish a well-defined entrance and exit policy. It should spell out exactly which electronic devices people can bring into the building, exactly where in your building people can use those devices -- and where they can't.

If your organisation doesn't have such a policy, you need to develop one and distribute it to employees and business partners. Make sure it lists permitted devices, and outline how one would gain approval to bring such devices into the building.

Don't worry about being too specific about allowed devices -- technology evolves faster than any policy. Rather than putting yourself in the position of having to constantly update the policy, address general types of devices instead.

Lock down your equipment -- literally
Developing an entrance and exit policy offers a good opportunity to consider how you secure the devices you already have. For example, have you installed locks on workstations and servers to prevent the theft of hard drives? Do you have cable locks for laptops so they don't walk out the building?

Laptops definitely aren't cheap, and they can store an enormous amount of data. Recent laptops thefts in the news have disclosed just how vulnerable and unprotected most of these devices truly are.

For about $30, you can secure these portable workstations and make sure they remain a part of your business inventory. Think about it: When was the last time you read in the news that someone cut a security cable to steal a laptop? That's why I recommend buying one today for every laptop the company owns.

Final thoughts
Don't become a security statistic by allowing your data to just walk out the front door. Put some policy and procedures in place -- and enforce them.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

Ã,©2006 TechRepublic, Inc.