Consider, if you will, the case of a Silicon Valley software startup that called us, saying they had a data breach. When our team got onsite, we found out that, indeed, all of the data in their database server – which contained their entire program library – had been taken.
This was very evident, because the thieves had broken into their unoccupied office over a weekend, and literally stole the entire server. What was worse, they also stole the backup tapes, which happened to be the only way the company could recreate its work. They had stored them on top of the server, they told us, for convenience.
Looking around, we discovered that it wouldn’t take a master thief to have perpetrated the break-in. There was no alarm system. The front double doors were installed with a gap that permitted the lock to be bypassed with nothing more than a credit card or a piece of wire. All internal doors except the one to the file server room lacked locks. The file server room door did have a lock, but they admitted that on weekends they propped it open to provide better temperature control.
The company didn’t survive the incident.
Perhaps this is an extreme example, but we find that compliance officers often seem blind to physical security issues that can turn into compliance nightmares.
Read the full article, by Alan Brill, at Corporate Compliance Insights.