Information Security Office Security Awareness Series Office Security, Facility and After Hour Access/ Visitor Control and Guest Procedures

Page 1:

Information Security Office

Security Awareness Series

Office Security, Facility and After Hour Access/ Visitor Control and Guest Procedures

Page 2:

Visitor Control and Guest Procedures

• Commercial or public buildings, like the buildings on campus, are often the target of opportunistic thieves.

• Thieves take advantage of the fact that many trusting, unaware people often leave their personal belongings in open, visible places.

• Wallets and checkbooks are sometimes left on a desktop or in a jacket on the back of a chair or door; purses are often on the floor next to a desk.

Page 3:

Visitor Control and Guest Procedures

• Unfortunately, these habits are an invitation for trouble. 

• No matter what type of security program is implemented, there are no foolproof measures, and nothing is effective unless every individual supports the program by not violating those measures.

Page 4:

Visitor Control and Guest Procedures

• GUESTS must be checked in through the proper procedures. This is for the guests' protection as well as the protection of others.

• Politely ask anyone suspicious “May I help you?”

• REPORT any suspicious unescorted person or stranger at once.

Page 5:

Visitor Control and Guest Procedures

• DO NOT LEND the keys to your office or your identification card to anyone.

• UNDER NO CIRCUMSTANCES should you prop open any exterior door.

– Although it may seem harmless and convenient, you are endangering both yourself and everyone else.

– The exterior doors are locked for your safety.

– Neither should interior fire doors be propped open. Doing so eliminates their effectiveness in preventing the spread of fire or smoke.

Page 6:

Office and Building Security

Page 7:

Office and Building Security

Small offices, a casual environment, and camaraderie can lead to a false sense of security.

Page 8:

General Rules for Office Security

• ID badges must be worn at all times in a visible location.

• Escort visitors both to and from your office.

• Prevent access of unauthorized visitors (tailgating and piggybacking).

• Do not prop secured doors open.

Page 9:

Tailgating and Piggybacking

• Tailgating occurs when an unauthorized person enters a secure area by following closely behind an authorized cardholder.

• Piggybacking occurs when an authorized person gains access to a secure area and allows others to follow—by holding open a secured door, for example.

Page 10:

General Rules for Office Security

• Don’t let anyone in if they can’t get in themselves.

• Everyone must show ID; insist on seeing ID from people you don’t know.

• Don’t let strangers “mess” with anything even if they do have an ID.

Page 11:

General Rules for Office Security

• If access into your area requires a badge, always keep the door closed.

• Politely challenge visitors.

• Employees required to wear badges should have them visible at all times.

Page 12:

General Rules for Office Security

• Escort visitors to departments. Don’t let them wander around.

• Lock office doors while not there.

• Lock your workstation when away from desk or cubicle.

Page 13:

General Rules for Office Security

• Don’t leave confidential data at printers, fax and other equipment.

• Follow your defined process for informing all necessary areas when an employee leaves.

– Revoke access immediately when an employee or contractor is terminated or leaves for any reason.

Page 14:

Suggestions To Reduce Your Risk of Theft

• Keep your purse or wallet in a locked drawer at all times.

• Carry only as much cash as you need for the day, and only one credit card and check.

• Don't "flash your cash" or any credit cards or personal information.

• Make a list of credit cards with pertinent phone numbers and keep it in a safe place. Update the list as needed. 

Page 15:

Suggestions To Reduce Your Risk of Theft

• Don't leave packages or other valuables on or around your desk or work area. Lock them in the trunk of your car.

• Be attentive to any visitors who seem confused or out of place. Address anyone you don't know who may be wandering or looking around your office. Note their appearance, behavior, etc., and report any unusual activity immediately.

Page 16:

Suggestions To Reduce Your Risk of Theft

• Immediately report any theft or other criminal activity, and inform your supervisor or manager.

Page 17:

After Hour Access

• After 5:30 PM, or on weekends.

• Plan in advance.

• If unplanned after hours access is necessary, let someone know.

Page 18:

ID Badges

It’s 9:00 p.m. ... do you know where your ID card is?

Page 19:

Employee Identification

• Photo IDs assist in visual identification of individuals at facilities.

• Worn by all employees.

• Politely request others to show you their badge if it is not visible.

• If ID badge is also access card, be aware of access restrictions (after hours, remote sites).

• Report lost ID badge immediately.

Page 20:

Visitor Control

Page 21:

Visitor Control

• Always escort visitors. Have them wait in the lobby for you and escort them back when your business is completed.

• Politely ask any stranger, “May I help you?”

• Encourage “sign in and out” and return of visitor badge.

• Notify visitor of applicable security information (emergency exits, etc.)

Page 22:

Incident Response

Page 23:

Incident Response

Planning responses for different violation scenarios in advance – without the burden of an actual event – is good practice.

• Know who to report any attempted security violation to – keep the number readily available

• Know what type of information to report (who, what, when, where)

• Timing is important – you need to be prepared to act quickly and accurately

Page 24:

Some Simple Steps To Protect Your Home While On Holidays

The holiday season is a wonderful time of year. It is also a time when people may become careless and vulnerable to theft and other crime. Use these tips as a guide to holiday security.

Page 25:

ATM Security

               

Page 26:

Don't count your money at the ATM machine. If you must use an ATM, choose one that is located inside a police station, mall, or well-lighted location.

Withdraw only the amount of cash you need.

Do not throw your ATM receipt away at the ATM location.

Using the drive-up is usually safer than walking up or into a facility.

Remember to scan around you as you make your withdrawal. If anyone is loitering, or you don't like their looks, go to another ATM.

Protect your PIN by shielding the ATM keypad from anyone who is standing near you.

Page 27:

Shopping Security

Page 28:

When using credit cards, make sure that only one credit slip is printed with your charge card. Also, be sure to tear up any carbons that may be used to complete the transaction.

Shop during daylight hours whenever possible. If you must shop at night, go with a friend or family member.

If you stop for a bite to eat, be especially aware of your wallet or handbag. Don't leave handbags or shopping bags behind you. Place them in front of you where you can see them.

Page 29:

Keys should not be carried in your purse. In the event of a purse snatching, the thief will have your address and keys to your home.

At this time of year, "con-artists" may try various methods of distracting you with the intention of taking your money or belongings. Avoid overloading yourself with packages.

Be extra careful if you do carry a wallet or purse. They are the prime targets of criminals in crowded shopping areas, transportation terminals, bus stops, on buses and other rapid transit.

Notify the credit card issuer immediately if your credit card is lost, stolen or misused. Keep cash in your front pocket. Pay for purchases with a check or credit card when possible.

Page 30:

Carry a minimal number of credit cards and avoid carrying large sums of cash.

Keep a record of all of your credit card numbers in a safe place at home.

Do not carry a purse or wallet, if possible. If you carry a purse, keep it in front of you and close to your body.

When using public washrooms, use extreme caution. Try to avoid putting your purse on hooks or door handles.

Page 31:

Workplace Security

Page 32:

Keep personal items such as wallets, handbags etc. in a locked and secure area.

Small electronic items such as laptops, Palm Pilots, etc. should never be left unattended.

When leaving your office, even for a short period, secure your valuables and lock your office.

Page 33:

Charity

Page 34:

If solicited by an individual for personal charity, don't give cash; offer to buy the individual food or drink or refer them to local assistance resources.

Confine your charitable giving to reputable established organizations, preferably those with a local branch.

If solicited for an unfamiliar organized charity, ask for literature so you can make an informed decision about giving; any reputable organization will be glad to provide material.

If solicited by telephone, do not give out credit card numbers or personal information not listed in the telephone directory, and don't allow the organization to come to your home until you are certain of their reliability. Instead, ask them to send you information so you can make an informed decision and mail in your donation.

Page 35:

SEC- -Y

If not you, who? If not now, when?

Page 36:

Resources at the University of Arizona

Kerio Firewall https://sitelicense.arizona.edu/kerio/kerio.shtml

Sophos Anti Virus https://sitelicense.arizona.edu/sophos/sophos.html

VPN client software https://sitelicense.arizona.edu/vpn/vpn.shtml

Policies, Procedures and Guidelines http://w3.arizona.edu/~policy/

Security Awareness http://security.arizona.edu/awareness.html

Page 37:

Security Awareness Presentations

Customization available

Page 38:

• Passwords/ Social Engineering

• Identity Theft/ Telephone Fraud

• E-mail Usage and Encryption, E-mail Etiquette

• PC Security, Workstation and Desktop Security (up to date patching and anti-virus), Password Protected Screensavers, Laptop security, Viruses and Worms

• Proper/Improper Internet Use, Internet Security and Safe Web Browsing

Page 39:

• Software Piracy and Copyright Infringement

• Blaster Worm and Sobig Virus

• Firewall Basics for the beginning user

• Disaster Recovery/ Data Backups, Incident Reporting, Risk Assessment/ Data Classification Guidelines

• Palm Pilots / PDAs / Cell Phones/Wireless Security

• Security Basics, Privacy in the New Millennium

• Office Security, Facility and After Hour Access/ Visitor Control and Guest Procedures

Page 40:

University Information Security Office

Bob Lancaster
University Information Security Officer
Co-Director – CCIT, [email protected]

Security Incident Response Team (SIRT) [email protected]

Kelley Bogart
Information Security Office [email protected]