I received a call this week from a friend who works in a small office. She had been out for a few days, and when she returned it became obvious that someone had been rummaging through the stuff on her desk.
Then, she started telling me that when she turned her computer on there was evidence that someone had been using her computer, as well.
Needless to say, she was pretty upset and wanted to know how she could tell who the offender was. She was hoping that there were some “tracks” somewhere that would tell here everything about who had been using her computer.
She wanted to confront the others in the office about accessing her computer and desk items while she was out.
Now, let’s look at some details from a common-sense perspective…
- The computer was configured so that it didn’t require a password to get into Windows. My recommendation was that she make the computer require a password to enter Windows. I suggested to her that the added security far outweighed any perceived inconvenience here.
- It also turns out that the computer in question is a notebook. She had just been turning the computer off at night and leaving it on her desk. Further inquiry led to the discovery that she had a locked file cabinet where she kept the important company information. My recommendation was to make it so the computer could not be accessed while she was not there. I suggested that she lock the notebook computer in the cabinet when she left the office for the day.
- Further questioning helped me to realize that the business has purchased this notebook computer a year ago, but there was no need for portability. So, why did they purchase a notebook? I couldn’t get a firm answer. My recommendation is that a notebook only be purchased if there is a need for portability, as portability makes theft of the computer easier.
- Regarding who and why someone accessed the computer without permission, there could be a variety of reasons. I suggested to her that she calmly discuss with her office-mates that it appeared someone had been looking for something while she was out. I also suggested that it is important she do this professionally, and to encourage them to call her is something is needed while she is out. These are people that she has to work with, and it is important that relationships not be antagonistic.
The conclusion is that this situation could have been averted with just a few simple actions.
Let’s all use common sense when approaching physical security.
- Dan
