Posted by: Ken Harthun
14 Golden Rules of Computer Security, Security, Security practice
There’s no question that data security is senior to physical security. The real value in a stolen laptop or PC isn’t in the hardware, it’s in the data. Sure, some druggie might steal your laptop and sell it for a fix, but the real danger lies in the thief who knows the value of the files that are stored on it. If it’s a personal laptop, the passwords to your online banking site, credit card numbers, Social Security number–probably everything about your identity–may be stored on it. If it’s a corporate laptop, depending on who you work for, there could be valuable customer information complete with credit card numbers or other proprietary information that a thief or corporate spy could capitalize on.
But physical security is only slightly less important. Don’t get complacent thinking that you’re OK just because your data is secure. It’s an expensive proposition to replace that data, so you must take steps to prevent theft of your hardware.
Encrypting your data is analogous to hiding it. So hide your laptop. Chain down your PC. Make it as difficult as possible for a thief to steal it. I keep my PC in a locked room when I’m not nearby and I maintain the attitude that someone’s waiting around the next corner to steal my laptop. So, it’s always either in a secure area or with me–and I mean within a couple of feet of me. I rarely leave it in my car and if for some reason I must, I lock it up in the trunk. I never leave it overnight in the office. Out of sight, out of mind. There are other physical precautions you can take as this Security Focus article outlines.
And let’s not forget about removable and external storage devices; hide them, too. For now, I leave you with Golden Rule #8: Physical security is almost as important as data security. Make it as difficult as possible through any physical means for a thief to steal your hardware. Rules of thumb: Lock it up and lock it down; out of sight, out of mind.