Security Corner

Dec 5 2009   5:35PM GMT

Golden Rule #8: Does Encryption Have You Complacent About Physical Security?



Posted by: Ken Harthun
Tags:
14 Golden Rules of Computer Security
Security
Security practice

There’s no question that data security is senior to physical security. The real value in a stolen laptop or PC isn’t in the hardware, it’s in the data. Sure, some druggie might steal your laptop and sell it for a fix, but the real danger lies in the thief who knows the value of the files that are stored on it. If it’s a personal laptop, the passwords to your online banking site, credit card numbers, Social Security number–probably everything about your identity–may be stored on it. If it’s a corporate laptop, depending on who you work for, there could be valuable customer information complete with credit card numbers or other proprietary information that a thief or corporate spy could capitalize on.

But physical security is only slightly less important. Don’t get complacent thinking that you’re OK just because your data is secure. It’s an expensive proposition to replace that data, so you must take steps to prevent theft of your hardware.

Encrypting your data is analogous to hiding it. So hide your laptop. Chain down your PC. Make it as difficult as possible for a thief to steal it. I keep my PC in a locked room when I’m not nearby and I maintain the attitude that someone’s waiting around the next corner to steal my laptop. So, it’s always either in a secure area or with me–and I mean within a couple of feet of me. I rarely leave it in my car and if for some reason I must, I lock it up in the trunk. I never leave it overnight in the office. Out of sight, out of mind. There are other physical precautions you can take as this Security Focus article outlines.

And let’s not forget about removable and external storage devices; hide them, too. For now, I leave you with Golden Rule #8: Physical security is almost as important as data security. Make it as difficult as possible through any physical means for a thief to steal your hardware. Rules of thumb: Lock it up and lock it down; out of sight, out of mind.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • GregGrosu
    this is incredibly true, and becomes less deniable the bigger your organization is, and the more sensitive the data they handle. Even the absolute best [A href="http://www.sophos.com/products/enterprise/encryption/"]encryption software[/A] is no match for a complacent employee or determined thief. People need to realize that encryption is often there to protect data AFTER the fact, so preventing this data from getting out in the first place needs to remain the priority.
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: