Although Cyber Security Awareness month is over, that doesn’t mean you can forget to lock your computer. One should always remain vigilant to protect their personal data. One aspect of security that is often overlooked by most people is physical security; the protection of the devices themselves.
On an individual scale, physical security is as simple as not leaving your phone/laptop/tablet unattended in dining halls or the library. If you must leave your laptop, be sure to lock your screen and get a laptop lock. A quality lock can be had for around $20 and is well worth the cost when compared with the cost of a new laptop, and losing any data you don’t have backed up. Also consider that many people store their passwords in their browser such as Google Chome’s auto-fill feature. While this is convenient for the user, if someone steals your laptop and is able to log in, they now have access to all of your online accounts.
One might argue, “Isn’t that the point of having a login password on my computer?” and they would be correct. But there is a saying in the security industry: Physical access is total access. This means that once someone has your device in their hands, they can do whatever they want given enough time. That is why in professional industry, security conscious businesses will have security experts conduct a “penetration test”. A security expert will go unannounced to the office being tested and try to circumvent the security in place at the office. This can be in the form of lock picking, social engineering (i.e. “look like you belong”), or simply finding an open door. Once the expert (or an actual criminal) is inside, they now have physical access to the company’s computer systems and data. From there, they can install key logging or other data gathering software, or simply steal encrypted hard drives to be broken into later.
While having a strong password is a good start to keeping your data secure, the importance of physical security cannot be overstated. One should always take precautions to prevent others from gaining access to their computer in any and every way possible.