Be aware of the following methods for protecting computers:
||The first line of defense in protecting computer systems is to control access to the location where the computers are located.
For good physical security, implement the following protections:
- Many businesses use cubicles which leave computers in plain sight and easily accessible to anyone. Controlling access to the building is critical to prevent unauthorized people from gaining access to computers.
- Place critical or sensitive devices in a locked room.
- Move printers used for confidential documents away from public areas.
- Implement controlled access to any point inside the building beyond the lobby (such as locking doors and security checkpoints).
- Require all authorized personnel to have identification while inside the building.
- Escort visitors at all times.
- Keep room doors locked when not in use.
- For added protection, use keypads or card readers to control building or room access.
- Use software to track who has gained access at any given time.
- Periodically change passwords or locks, especially after key employees are terminated.
||Hardware locks prevent theft of computers or components.
- Keep servers and other devices inside locked cabinets or locked rooms.
- Bolt or chain workstations to desks or other stationary objects to prevent theft.
- Lock cases to prevent opening up devices and removing components such as memory and hard drives.
- For laptops, use removable cable locks when leaving computers unattended in public areas (such as a library). You can also use motion detectors that sound an alarm when a laptop is moved.
|Lock the workstation
||You can set the following passwords in the BIOS to require a password when booting or when modifying BIOS settings:
Leaving your computer unattended while you are logged on potentially gives free access to your computer. Use the following methods in Windows to secure unattended computers:
- Configure a user password to require the password before loading the operating system.
- Configure an administrator password to require the password to edit BIOS settings.
- Configure a hard disk password to require the password before data on the disk can be accessed.
- Configure the screen saver to display the logon screen. The screen saver will be activated automatically when the system is inactive for a period of time.
- Press the Windows logo key + L to lock the workstation.
- In Power Options, require a password when the computer wakes up. When leaving the computer for an extended time, use the keyboard sleep button to put the computer to sleep.
|Computer tracking service
||If you are concerned about stolen devices being used to view confidential data, you can sign up for a computer tracking service. These services can help locate stolen devices, or take other actions such as deleting data or disabling the device.
- Most services use the IP address or a wireless signal to locate the device. The device must connect to the Internet to be located.
- Tracking protections might only work as long as the original hard drive has not been reformatted.
- Some device manufacturers can help you track stolen devices by registering the service tag on the device. If technical support is requested for a stolen device, they can alert the authorities.
- Many mobile devices can be remotely disabled using cellular signals that do not rely on an Internet connection.
||Removable media is any type of storage device that can store data and be easily removed and transported to other locations. Removable media includes floppy, tape, USB/flash storage, CD/DVD, and external hard drives. Removable storage:
Be aware of the following recommendations for protecting removable media:
- Increases the threat of removal and theft of sensitive data. Users can copy sensitive data to portable devices, or media containing data can be lost or easily stolen.
- Increases the chances of introduction of malware.
- In secure environments, remove and disable removable media devices to prevent copying data to or from the device.
- Keep backup media and other removable media in a secure location.
- If possible, use disk encryption to prevent users from being able to read data on removable media.
|Storage media disposal
||When disposing of data storage media, make sure to remove any sensitive data, especially data containing personal health or financial information. Simply deleting data is insufficient as deleted files can still be recovered. Data remanence are remnants of data (after the data has been erased) that allow the data to be recovered and reconstructed by data recovery software.
- If you will be reusing a disk, use data wiping software to remove any remnants. This software writes a random series of bits multiple times to each cluster on the disk.
- When disposing of magnetic media, you can use degaussing with a strong magnet to remove any traces of data.
- When disposing of optical media, shred or physically destroy discs (some paper shredders can also handle optical discs). Degaussing does not work with optical media because the media does not use magnetic fields for storing data.