Earlier this year I got to travel to the US and go through many of the new security features that have been put in place in an attempt to thwart terrorists. As I waited for a delayed flight, I read of a couple of instances, written and reported by the individuals themselves, where they were able to access planes without being stopped by airport or airline personnel – all the while an alarm was going off indicating that someone was entering a restricted area.

No one – not other passengers, not airport personnel, no one – did anything. And it surprised these individuals that they were able to do this. In many ways, however, I was not surprised they were able to, and this behavior happens to big corporations on a daily basis. People are gaining physical access to corporations despite the many technologies we put in place to prevent this from happening.

Why is that?

I suspect part of the reason is that our society is rapidly coming to rely solely on technological solutions to the issues at hand rather than looking to simpler, human solutions. This dependence on the immediate quick fix and the elimination of the fallible human element is a nice ideal, but it cannot work in all situations. Many countries are looking for technology to find potential threats, but this isn't a truly effective option. Sometimes returning to basics – ensuring employee loyalty and trust – works far better.

Security in general is the responsibility of all employees of the company but physical security can benefit the most from the many eyes and ears of all employees. The primary component for physical security is education and support of all employees, starting from those above.

Remind employees that when they go out for a smoke and see someone that looks like they belong, ensure they have their pass before just opening the door for them and letting them in. Contractors should have some type of pass, letter or contract (in company letterhead or other hard-to-forge ) to indicate that they belong. Even if they've been there before, employees should not assume that the contractor should be back.

Remind employees that just because a contractor says that management has asked them to come back doesn't make it so. Social engineering still remains the best way to enter into any corporation. Convince an employee that their job might be at risk because they didn't let in the required contractor and they'll likely let them in.

Employees shouldn't be reprimanded for questioning someone who might be entering. And if a colleague forgets their pass, they should be signing in at the front before being let in to areas they need access to.

Windows-L for Safety

Along those lines, employees should be reminded that their own computer desktop should be locked when they leave on break. This can be done very simply on a Windows XP system by hitting the Windows key along with the L key. This is one of the better shortcut options introduced and a simple security measure that could help prevent access to sensitive areas as well as prevent potential planting of trojans and such during a mass exodus such as a fire alarm.

When running fire safety tests, it may also be worthwhile to see how many employees are actively locking their desktops. In fact, probably the first thing that needs to be addressed is how often a fire drill is being done, or whether it is being done at all.

And let's not forget that during a fire drill, with no one around, unlocked laptops and flat panel displays can go walking, amongst other items. Ensuring that employees have locks for their on-the-road travels as well as at work, and testing that they are using them, is a good practice. When I worked as administrator at a private school, I used to go around at lunchtime to see what school-provided laptops were actually locked. Any that weren't were confiscated by me and the student would then get a reminder about the importance of locking everything up.

But it is interesting to note that the one problematic physical issue that continues today is the prolific yellow sticky garden that grows on many employees' LCDs and desks.

Passwords to any number of possible critical accounts are available not only to contractors and others that don't work directly for the company but also to employees that don't need access to certain sensitive areas. Remind employees to use mnemonics as a way to remember passwords, and hold training sessions to remind them why it's important not to leave this information out in the open. If need be, do random checks to see who might be cultivating the latest yellow (or other colored) garden in their cube.

Also, ensure that shredders or a shredding service is available for employees to use. Send regular reminders, say each quarter, that desks, monitors and such should be cleaned to curb the growth of sticky gardens and to avoid leaving sensitive data out in the open.

All of these are simple tasks but are necessary ones. Ensuring that employees become part of the active security force available to protect a company can lessen the impact of physical security compromises and the use of social engineering on a company.

It will mean that when an alarm goes off, rather than ignoring it, people will pay attention and let you know about the threat to the company. Technology is not the ultimate solution to security in the corporation; people are.

This article was first published on EnterpriseITPlanet.com.