This document examines the current state of computer security in the office, and offers information and recommendations on various security solutions.
Due to the now common use of computers in business settings, there is often sensitive data stored on disk, tape, or sent over the Internet or phone lines. This data is generally easily accessible and unprotected.
There is a bewildering array of security devices designed to do anything from user verification to simply stopping someone from walking out of the office with a graphics card under his arm. While this allows great freedom of choice, it also makes the choice a complex one. In addition, if not enough is done, or if the system is incorrectly installed, the results can be worse than if nothing was done at all. For example, the wiring for a system that detects open doors needs to be shielded and separated from the main electrical wiring of the building. If it is not, the system may be easily bypassed, or may not work at all. In this situation, the system hinders only the innocent user.
The best way to decide what is best for a company or home PC is to first identify how much and what type of security is needed. Is it necessary to keep track of who uses the PC and at what times? Is the data sensitive enough to protect or is the main object to prevent the theft of the computer itself? This type of question needs to be answered before a single purchase is made.
The first category of security systems is the physical one. These are the devices that are intended to protect the computer system itself. Some may also have the added benefit of preventing unauthorized computer use while the office is closed. The most obvious of these is the lock on the office door. It affords a measure of protection as long as it is used.
Other devices are available as add-on products. There are thin cables available that loop through plates attached to the base unit and monitor by space-age adhesives. The cables are held together with either a combination or key lock. This arrangement is relatively inexpensive, costing from $35 to 200 dollars depending on the system, and works well. Also, these systems can be installed by anyone, eliminating costly and time consuming professional installation. The main problem is psychological in nature. Some users may not like their PC's to have locks and chains hanging off of them. For this very reason, most of the products try to keep a low profile.
Another idea is removable hard disks. In many cases, a hard drive used in a business contains a great deal of sensitive information such as employee data or copies of letters. When using a removable hard disk, at the end of the day the disk can be removed and placed in a safe or even carried home. These systems are not much more expensive than regular hard disks and have been around long enough to prove their reliability.
For installations with much greater security needs, an entire field of study, called biometrics, is available. A biometric device is something that verifies someone based upon his or her individual physical characteristics such as fingerprints, retinas, hand geometry, wrist veins, voice analysis and signature analysis. These systems have inherent advantages over more conventional systems that use a key or magnetic card because physical characteristics can not be stolen or "loaned" to a friend. In the future most companies will use one or more forms of biometric devices, perhaps in combination with other systems.
Most biometric systems rely on the well-known idea that each person has individual fingerprints. By placing one hand