I am a net admin for a small company. We have roughly 100 employees at 4 sites. We really do our best to provide as much protection for our business without spending any more money than necessary. We outsource our mail filtering so that we do not need to hire an additional person to manage it and so on.
In our main office our physical security is great. We have card access doors and you can't get on the floor without passing 3 or 4 cameras even if you bypass the receptionist and come in the back door (not really the back door but the side).
You can have all of the software and hardware protection you want but someone walking in, sitting down and plugging in can be your worst nightmare. I would love to hang Cisco switches in the rack. I have had the discussion with the Cisco rep more times than I care to but the cold hard facts are that we just can't spend that kind of money on technology.
We spend our money on people. Yes, I know that is a strange concept to some of you. We are paid well based on our area and job responsibilities. That pay comes with a price. We (the IT dept) ask that everyone be diligent about who they let plug in where.
Our main office usually doesn't have any issues with physical security. Namely, because you just can't walk right in. Our small offices (2-3 people) don't really have physical security problems because they are so small. However, our largest satellite office isn't all that well protected. We share the floor with a longtime friend of our company. I think we have been sharing office space for over 10 years now. We also sublet some of our floor space to another company because even though we may be able to office 15 people there are usually only 2 or 3 there.
This is where the problem comes in. A person in charge of controlling the flow of people in and out of that office is sometimes AWOL. Sometimes they just let people come right in, sit down and plug in. In most of our offices we have a public and private network. (It always pays to have a redundant connection to the net.) In this office we are doing some reworking of circuits so we had placed a cancel order for one circuit to be done right around the time its replacement was to be installed. Well, now there are delays with the new circuit and no old one.
Apparently someone really needed a connection to the net so they were allowed to sit down and plug in. (Sober is running rampant in our industry now.) All in all I spent a couple of hours trying to figure out why our mail server stopped responding (which was nothing ... it was fine, just hosed up by something - I wonder what?), scanning my local network for issues and turning my remote offices off completely. (Yes, those folks are getting paid for doing nothing.) I had to pull the VPN plug because I can't take the risk that it is a remotely infected PC. (Even though I know it's not - I know the person that was allowed to plug in and I also know that he has had this virus by the admission of the person who let him plug in.)
In an hour or so when I can be sure that our data network is safe I will plug them back in. Who knows? I might get lucky and get to disable an account today. Some people will just never get it no matter how many times you tell them. “No one plugs into our private network that does not have a company owned PC or laptop.” No means NO!