Data security begins with a secure physical environment

posted by Mike Burke on Wednesday, October 17, 2018 in SHAZAM Blog

During October, we’re recognizing National Cybersecurity Awareness Month. While cybersecurity may focus on protecting data and information, it’s also important to implement processes that protect facilities and equipment. Employing these safety suggestions is a first step toward that responsibility. If processes and procedures aren’t in place, take time this month to put a plan together.

Protecting data

To protect institution and accountholder data, be sure to secure your computer system. Keep the server room locked at all times and only grant access to authorized personnel. Require staff to lock their workstation or computer terminal whenever it’s not in use — even when they leave “just for a second.”

Vendors in the workplace

Implement appropriate processes to check vendors in and out of your site. Use a log to record deliveries and be sure to escort service providers to their work or delivery location; ask for valid identification and contact the vendor’s office if questions arise.

ATM procedures

Protect against skimmers and white-collar crime at ATMs by implementing these processes:

  1. Monitor machines daily, including weekends and holidays. Look for card reader overlays, keypad overlays and hidden cameras. Engage local law enforcement and train them how to check ATMs in your community.
  2. Know your ATMs by taking a photo of each machine. This provides a quick reference to help identify if anything is out of place.
  3. Correctly install and operate an external camera at each ATM to record all activity.
  4. Train employees to be vigilant and report suspicious activity such as people loitering near an ATM or sitting in a nearby vehicle.
  5. Tell cardholders to wiggle the card reader before inserting their card, cover the keypad when entering their PIN, and report anything that looks out of place.

Protecting your physical facility is the first step in keeping data secure. Review staff expectations and encourage your cardholders to say something if they see something suspicious.

This content was updated Sept. 27, 2019


  1. cybersecurity
  2. fraud
  3. security
  4. threat

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 


comments powered by Disqus