What is physical penetration testing and how could it help your business?

Many businesses invest in security devices, conduct training amongst their employees and hire manned guarding services to secure their business premises. Yet, how can you be sure that these practices are truly effective without testing them out properly? The purpose of physical penetration testing is to assess the effectiveness of your physical security by putting your business premises through its paces in a ‘real-life scenario’.

What to expect from a physical penetration tester
Once you hire a physical penetration tester, they will attempt to gain access to your business premises. Usually, only those who organised the test will know it’s going to happen and even then, they won’t know the exact date or time. This means that for all intents and purposes, this person is a criminal trying to gain unauthorised access to your building(s). 

If the tester gets past your initial security, they will go on to complete a series of tasks – usually determined by your business – to demonstrate how deeply they can infiltrate your premises. For example, if the purpose of this test is to assess your cybersecurity, they may try to hack into your systems in order to demonstrate the data they could gain access to.

What sort of techniques do they use?
As well as some of the more obvious methods, such as sneaking past guards, swiping spare security passes and picking locks, penetration testers often implement less obvious strategies to gain access to restricted buildings.

Female testers find that wearing a fake baby bump is highly effective for gaining access to a building, noticing that many people are keen to hold doors open for them without asking for identification. Some testers create staged meetings with employees, posing as senior staff visiting from another office. In one example, someone even went so far as to get a job at the organisation and then set to work hacking its systems from within the company while posing as a member of its marketing team.

Exposing your vulnerabilities 
Once the test has been completed, a process which generally takes between 2 and 6 weeks, you will receive a report detailing the penetration tester’s results. Within this, they will reveal how they infiltrated your business – providing they were successful – identifying key weaknesses and areas to improve. Using this information, you will then be able to implement changes within your business to improve your physical security and staff awareness.

While not every business has the resources or inclination to hire a physical penetration tester, your physical security should be taken seriously. If you need to make a claim on your insurance due to a security breach but your security measures weren’t up to scratch, your insurers may not pay out. To ensure your current security practices correlate with the small print in your existing Business Insurance policy, call Affinity Brokers Ltd on 0141 221 9344.