Your business information is only as secure as the business building. If your company isn't maintaining proper security of the premises in which the computers storing your information are located, then your information is at risk. The same applies to the internal measures that keep non-authorized personnel working on the premises from accessing information.
Physical Security of Building
Your physical security concerns start at the business entrance. Anyone who comes through the office door has the potential to take information from your facility, even if it is on an office computer two floors up. Hiring a security guard at the front who is strict about admitting only those who have the right to be in the building is crucial for information assurance.
Proper procedures for building access after hours are another important concern. Not all employees should have access to a key to your building if you deal with sensitive information. Likewise, only those with authorization to access critical information should be given a key to the office – or offices (or server rooms) – where sensitive information is stored in the building.
Physical Security of Data
One way to ensure that employees will be reluctant to cross the boundary of attempting to access confidential information is to utilize a system employed by law enforcement. This involves one person being the gate-keeper, if you will, for information access. If employees must gain access to data by contacting someone who will log in their request and issue a one-time password, this will reduce potential physical security breaches.
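The gatekeeper process described above can be sketched in code. This is an added example, not part of the original article; the `Gatekeeper` class, its method names, the policy table, and the five-minute lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class Gatekeeper:
    """Logs every access request and issues a single-use, short-lived password."""

    def __init__(self, authorized, ttl_seconds=300, clock=time.time):
        self.authorized = authorized      # {employee: set of resources} (constructed policy)
        self.ttl = ttl_seconds            # assumed lifetime of an issued password
        self.clock = clock                # injectable so expiry can be tested
        self.pending = {}                 # (employee, resource) -> (sha256 digest, expiry)
        self.log = []                     # append-only audit trail

    def _record(self, event, employee, resource):
        self.log.append((self.clock(), event, employee, resource))

    def request_access(self, employee, resource, reason):
        """Log the request; return a one-time password only if policy allows it."""
        self._record("REQUEST: " + reason, employee, resource)
        if resource not in self.authorized.get(employee, set()):
            self._record("DENIED", employee, resource)
            return None
        otp = secrets.token_urlsafe(16)
        digest = hashlib.sha256(otp.encode()).digest()
        # Only the digest is kept, so neither the log nor the table holds the password.
        self.pending[(employee, resource)] = (digest, self.clock() + self.ttl)
        self._record("ISSUED", employee, resource)
        return otp

    def redeem(self, employee, resource, otp):
        """Accept the password once, before expiry; every attempt is logged."""
        entry = self.pending.get((employee, resource))
        ok = False
        if entry is not None:
            digest, expiry = entry
            supplied = hashlib.sha256(otp.encode()).digest()
            expired = self.clock() > expiry
            ok = hmac.compare_digest(digest, supplied) and not expired
            if ok or expired:
                del self.pending[(employee, resource)]   # burn on success or expiry
        self._record("GRANTED" if ok else "REJECTED", employee, resource)
        return ok
```

The audit trail records denied and rejected attempts as well as granted ones, which is what lets a reviewer see who asked for what and when.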
Unauthorized Access Breaches
Sometimes unauthorized access breaches occur when an employee takes home a company laptop and accesses sensitive data on an unsecured network. This is also a danger for companies whose employees work from home using their own computer systems to interact with the business's servers, downloading and uploading information via unsecured internet connections.
This type of physical security concern can be remedied by limiting access from outside the building to only a portion of the company's server database. Requiring only company-owned secure computer use to access the data will also help reduce this information loss threat, providing more information assurance.
Utilizing outside personnel to repair your computer system or server is a potential physical security concern, too, in information assurance. You are basically giving them the keys to everything about your business. If your computer system was not developed in-house and is maintained by an outside agency, your information security is only as good as theirs is, since their personnel could potentially gain access to your company's data at any time.
If you want information assurance, you are going to have to make sure your physical business premises prevent access to the computers holding such information, limit which personnel within the organization can reach that data, and fully trust the security measures of the computer servicing personnel your company uses for repairs and hardware problems. These all fall under the duty of a Network Security Administrator.