The Importance of Locking Computers
Physical security is too often overlooked
When most people contemplate cybersecurity, they think about the many technical considerations it entails, such as firewalls and malware detection meant to defend against hackers and remote attacks. However, each machine’s actual physical security is unfortunately too often overlooked. We briefly touched on this very subject last week with the example of an employee’s ex-partner potentially using an easily accessed receptionist’s computer to dox staff, and it remains a good example; all the fancy passwords and malware detection won’t help if a bad actor can pick your front door with a paperclip and walk off with your computers.
So, how do you stop people from doing just that? The first and most obvious answer would be to improve your physical security with better locks, security cameras, and even just relocating machines from on a desk to beneath it, leaving only the monitor available to be snatched. You can even thread monitor and power supply connections through the desk while locking the tower in a case beneath it (provided you’ve made appropriate allowances for air flow and cooling).
Of course, there are limits to how many locked doors and cabinets can be reasonably added to safeguard your machines, but it’s only once they’ve been adequately locked up that you should begin augmenting your physical security with technical security. And augment it you should! Improving physical security is not an excuse for cutting corners on the technical front, nor is technical security limited to protecting against remote digital attacks. Enforcing strong passwords through minimum requirements and enabling multifactor authentication (MFA) are both common technical tools that can also enhance physical security. However, your options don’t end there. Consider encrypting your machines’ hard drives with a tool like BitLocker so that anyone who physically steals one can’t just rip out the hard drive, slap it into another computer, and read it. It’s also just one technical tool that supports physical security, so be sure to consider your options.
Another way to lock up computers
Thieves picking or even just smashing weak locks to break in and walk away with your computers is one thing, but locking office doors and setting alarms doesn’t generally get overlooked. On the other hand, the risks posed by users simply walking away from their computer are often ignored or just plain forgotten about. Last week’s example of the receptionist leaving their station unattended while using the restroom is one of the higher risk scenarios given how accessible reception desks usually are, but employees leaving their workstations unlocked and unattended throughout the day is often an organization-wide problem. It’s far too easy for people to convince themselves they’ll be gone less than a minute to ask their colleague a question, only to get sidetracked by other conversations or called into an impromptu meeting, leaving their workstation vulnerable to anyone walking by. We’ve no doubt the vast majority of every organization’s staff are honest individuals, but employees leaving their computers unlocked when the team goes for lunch also leaves those machines open to abuse by third-party staff like janitors and cleaners. It’s also not hard to imagine someone taking advantage of unlocked computers to frame others for data breaches, since unlocked computers generally already have a user ID and password associated with the session, making anything done on that machine appear to be the work, or fault, of a rival or someone else.
So how do you deal with people walking away from their computers and leaving them unlocked? Beyond the already well-known timeout, which will automatically lock the machine if it’s been idle for a set period of time (usually a few to five minutes), the only other viable solution is to have and enforce a locked-computer policy. It’s strongly advisable to invest in staff education and training as well, to help avoid or at least mitigate resistance from staff who don’t fully appreciate the complete scope of risks that unlocked computers pose and how following a locked-computer policy actually helps protect them.
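The idle timeout described above and the BitLocker drive encryption mentioned earlier can both be checked on a Windows machine. The following PowerShell audit is an added example, not part of the original post; the 300-second threshold is an assumption taken from the "few to five minutes" range, and the registry paths are the standard Windows policy locations for the machine inactivity limit and the screen saver lock.

```powershell
# Added example: audit the idle-lock timeout and BitLocker status on this machine.
# Run in an elevated PowerShell session; Get-BitLockerVolume requires administrator rights.
$MaxIdleSeconds = 300   # assumption: upper end of the "few to five minutes" range
$findings = @()

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-Timeout($Value) {
    # A missing value or 0 means no timeout is enforced.
    ($null -ne $Value) -and ([int]$Value -gt 0) -and ([int]$Value -le $MaxIdleSeconds)
}

# Machine-wide policy "Interactive logon: Machine inactivity limit"
$machine = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'
$findings += [pscustomobject]@{
    Control = 'Machine inactivity limit (s)'; Value = $machine; Pass = (Test-Timeout $machine)
}

# Per-user Group Policy: screen saver enabled, password-protected, short timeout
$ss = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ssTimeout = Get-RegValue $ss 'ScreenSaveTimeOut'
$ssPass = ((Get-RegValue $ss 'ScreenSaveActive') -eq '1') -and
          ((Get-RegValue $ss 'ScreenSaverIsSecure') -eq '1') -and
          (Test-Timeout $ssTimeout)
$findings += [pscustomobject]@{
    Control = 'Secure screen saver timeout (s)'; Value = $ssTimeout; Pass = $ssPass
}

# Drive encryption: every volume should be fully encrypted with protection on
try {
    foreach ($vol in Get-BitLockerVolume -ErrorAction Stop) {
        $findings += [pscustomobject]@{
            Control = "BitLocker $($vol.MountPoint)"
            Value   = "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
            Pass    = ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')
        }
    }
} catch {
    $findings += [pscustomobject]@{
        Control = 'BitLocker'; Value = "not readable: $($_.Exception.Message)"; Pass = $false
    }
}

$findings | Format-Table -AutoSize
```

A machine is covered for idle locking if either timeout row passes; a missing value means the corresponding policy is not configured, so locking then depends entirely on the user.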
Regardless of the specifics though, it’s simply impossible to compensate for a lack of appropriate physical security measures with technical tools. Strong passwords, MFA, and encrypting drives can certainly help and are definitely advised for almost every organization, but the strongest security systems treat both physical and technical security as important rather than prioritizing one over the other.
If you’d like help identifying where you can improve your own organization’s physical security, or augmenting it with technical tools like encrypting hard drives storing high-value or sensitive data, contact a TRINUS cybersecurity professional and we’ll be happy to help out with some stress-free IT.
This week’s quote comes from Richard II: “You may my glories and my state depose but not my griefs; still am I king of those.”
Be kind to each other, courtesy your friendly neighbourhood cyber-man.