Hiding In Plain Sight: Physical Security’s Role in Corporate Compliance

Nashville, TN - April 16, 2012

With so much talk of cyber crime, hacktivism, cyber terrorism, massive data breaches through the Internet and other high-tech incidents, it’s easy to forget that to be successful, a compliance program shouldn’t be defined by what is covered in the mainstream media. Yes, criminals have added powerful, high-tech ways of stealing money and data to their arsenals, but don’t ever forget that they still rely on good old-fashioned criminal methods as well.

Consider, if you will, the case of a Silicon Valley software startup that called us, saying they had a data breach. When our team got onsite, we found out that, indeed, all of the data in their database server – which contained their entire program library – had been taken.

This was very evident, because the thieves had broken into the unoccupied office over a weekend and literally stolen the entire server. What was worse, they had also stolen the backup tapes, which happened to be the only way the company could recreate its work. The company had stored the tapes on top of the server, they told us, for convenience.

Looking around, we discovered that it wouldn’t have taken a master thief to perpetrate the break-in. There was no alarm system. The front double doors were installed with a gap that permitted the lock to be bypassed with nothing more than a credit card or a piece of wire. None of the internal doors, except for the one to the file server room, had locks. The file server room had a lock on the door, but they admitted that on weekends they propped that door open to provide better temperature control.

The company didn’t survive the incident.

Perhaps this is an extreme example, but we find that compliance officers often seem blind to physical security issues that can turn into compliance nightmares.

Read the full article, by Alan Brill, at Corporate Compliance Insights.