Physical Computer Security - Underestimated and Often Overlooked

Several weeks ago I heard about an instance of theft from a business in the Cowichan Valley involving a Hard Drive stolen from a PC from an individual portraying an I.T. Company called "Tek Systems." When I first started out in the technology industry physical security was a more a priority, computers were four times the price they are today, and not every business had one, we were more worried about the computer going missing then the data. Now days it is different, almost every business has computers and our data is very valuable if not more valuable then the computer and hard drive holding it.

The incident with the hard drive being stolen was a prime example of one of the oldest hacking techniques called "Social Engineering" In technological terms, social engineering is a non-technical kind of "Hack" that relies human interaction and often involves tricking other people to break normal security procedures, in this case the individual portraying him self as a PC technician performing an upgrade on the business PC, thus fooling the person into allowing him to work on the PC.

So what can we do to protect ourselves? In this day in age all we hear about are firewalls, routers and anti-virus software, it seems that very second day there is a new virus that will crash the internet and end all humanity, criminals trying to get our most private information and credit card numbers at every click of a button, but if we buy the latest anti virus and firewall software were safe, well at least for a few weeks. We often over look some of the easiest and simple techniques to protecting our data, the physical security of it.

The first one is locking the PC, almost every PC now days comes with an area to place a pad-lock to lock the case so no one can enter without a key, as well there are many solutions on the market to physically secure the PC to a desk such as computer cages that bolt on and cables similar to bike locks.

The second is know your information technology providers, and make sure your staff know who they are, have a single point of contact for your business an office I.T coordinator per say, who is responsible for coordinating computer repairs within the office with your information technology providers. A good company will provide ample notice of any upgrades to take place; they shouldn't just show up at your door. When the technician has there doing repairs or upgrades he should walk though booting up and check the PC with the user or I.T coordinator ensuring that the repair was successful.

The third is secure your data, there are many types of software out there to do this, most laptop manufactures have it built in security measures in place, requiring passwords to even boot the laptop, these built in features are rarely used. Data encryption software is relatively cheap and simple to use, most criminals do not have the expertise and or skills to crack this type of security, but that still does not stop them from stealing your computer, it just protects your data and your company's reputation.

Where there is a will there is a way, criminals will always find ways to steal your data and equipment but if there is deterrents and measures in place to make it harder they will generally continue on to the easier target, we just have to remember to practice safe computing.

Ryan Smith is a consultant and Sr. Partner with Orca-Solutions in Duncan, BC he has several years I.T. experience in private and public sector organizations providing technical support and consulting. His blog can be found at http://www.orca-solutions.com/.