Physical Security Fundamentals

The front line in protecting your data and your computer is securing the physical equipment itself. The risks are twofold.

There is a basic danger to your data, and therefore your security from natural or technological causes related to our basic computer and technology infrastructure. There is no way to prevent power failures, surges, bad connections and faulty data transmission. You can, however, minimize the damage to your system and your information.

More importantly, there is danger posed by the loss of physical control of your computer. The most extensive breaches of computer data in the past six months have been the lost laptops and unsecured workstations at companies like SAIC and a host of government agencies. Physical security is paramount!

Always be aware of people who have physical access to your computer—family members, roommates, co-workers, members of a cleaning crew, and maybe others. Physical access to your computer, whether legitimate or not, is a key factor in cyber security. After all, the casual use of your laptop by a person you trust going to a dangerous site or opening a suspicious email, can blow your system out of the water.

Identifying the people who could gain remote access to your computer is more difficult but not impossible. If you are connected to a network at work, share files through a remote connection, or exchange data across the Internet, you are vulnerable to a security breach. Either someone or something can access your information.

To deal with these physical aspects of computer and data security, we recommend the following:

• Protect your computer from physical damage. Simple as it may sound, the first line of defense against losing your data is to make sure your computer is safe from actual physical damage. There are horror stories we have all heard about irreplaceable data being lost because a laptop fell into a pool or out the back of a poorly packed SUV. When you are using your machine, keep any liquids far from the machine itself. And above all, make sure the cords and wires are situated so they will not be inadvertently disconnected or pull down your computer when someone trips over them! Keep your machine safe from harm and your data will be safe from harm!

• Protect your computer from electrical damage. Electrical shutoffs, power failures, and electrical surges are all part of modern life. Your computer requires a steady “clean” source of power in order to operate properly. Turn it off in a storm! Use a power surge protector! Do not run motors or other heavy duty equipment (copiers, fans, air conditioners, etc.) on the same circuit as your computer! If possible, install an uninterruptible power supply (UPS) that will maintain enough power for your computer to complete a normal shutdown even if the power fails.

• Protect your computer when you are not using it. If you only step away from your computer for a few minutes, there is enough time for a casual passerby to use your equipment. Securing your work area, at home or the office prevents even friendly users, the kids or your co-workers, from accidentally corrupting your system or deleting your information. After all, it is simple to sit down at an unoccupied computer access either the Internet or email. Your personal information is at risk when your computer equipment is unsecured! If possible, turn your workstation or laptop off when it is not being used. At a minimum, secure it from unwanted use by logging off your network and putting the system into password secured standby.

• Disconnect your computer from the Internet when you are not using it. We have all left our computers connected to the Internet and walked away from them. Permanent connections, either through a business network or DSL are commonplace. The risk, however, is becoming more and more serious. IM sessions, automatic program updates, email, and scripting all have risks based on their continued connection to the Internet and the unattended nature of their activities. If another person using IM (Instant Messenger) has an infection, you run the risk of unwanted intrusions yourself just by being on their chat list!

• Carefully consider your security settings. Programs and data are only as secure as your passwords and security settings. Operating systems, browsers, and most commercially available software have put in place a series of options that give the user the ability to require identification and passwords for everything from logging on to opening a specific file. Use what your system offers! It can be tailored to meet your needs and requirements. If the choice is ease of use or security, opt for security. Enabling program options that increase convenience may leave you more vulnerable. Examine all system settings, particularly the security settings, and select options that decrease your risk of data loss or intrusion.

• Back up your data. Files and data are lost by users all the time. We have all accidentally erased a file. No matter how much you protect your data and the machine that houses it, it can be lost. The hard drives we all depend on to store our data have a fixed life expectancy. A low but significant percentage of them fail within months of production but all of them eventually crash. In addition, files can be damaged or destroyed by a virus or worm, a natural event, or a problem with your equipment. A simple disruption of transmission from the hard drive through the CPU can render a file useless. Regularly backing up your data is a no-brainer. Using a CD, DVD, network drive, tapes, or an external memory device will mitigate any problems created when your data is corrupted or destroyed. How often you back up your data is a function of its importance. If your data changes frequently or is critical to your work or personal well-being, back up frequently.

• Protect your backups. When you make your data backups, make sure they are kept in a safe, secure location. It does no good to secure your PC and leave the backups where anyone might find them!

• Guard your peripherals. With the spread of flash drives, portable computer memory, memory cards and mini hard drives many users store valuable data in multiple places. This greatly lessens the chance of permanently loosing data and files but increases the exposure you have to unauthorized access. Many of the devices are so small they are easily misplaced or lost. Users also use these devices to transfer files between machines without realizing a copy of the file could be left on the device itself. Encrypt important data files on these devices. Keep close track of miniature memory devices. Wipe them clean when a transfer has been completed. Do not leave them in computer chip slots or USB pots. Be careful. Your data is easily accessed if the device falls into the wrong hands.