The importance of protecting your business from your users


People think Im joking when I say to them that they need to protect the users from themselves.

A couple of weeks ago I was travelling through Seattle and while waiting in the lounge there I IMAGE_003 saw this sad situation. Yes its an abandoned laptop. Its owner has taken off upstairs for a drink – unfortunately he also left his screen unlocked for anyone to access. Want a turn anyone?? :)

Unfortunately its something that’s all too common – laptops abandoned in airports and public places.

What can you do to prevent this?

1. EDUCATE YOUR USERS! I’ve said it before. Nothing replaces a good user education. They need to be told just how serious it is to leave a machine like this and what the data theft implications are aside from physical theft of the machine itself. (Note: BitLocker cant protect the user in this situation)

2. Reinforce through policy. How many years has screensaver timeout policy been in the product? Set a reasonable screen save timeout that forces them to logon again once it activates. Its just good layered security that minimises (though doesn’t eliminate) risk.

Any of you have good stories to share on this? :)


Comments (5)

  1. Anonymous says:

    Absolutely correct Gavin! Another reason why you need to help them care by enforcing the caring! :)

  2. Anonymous says:

    I read this article from Angus today with much amusement. Apparently Vista is more insecure than Windows

  3. Anonymous says:

    Yeah I saw that report leakage issue – and theres been plenty of other data leakage issues such as USB keys holding sensitive content being lost. In those instances using Rights Management can help. Again its not a silver bullet to data leakage but at the very least the data isnt in the clear and should the actual file leak – noone can read it.

  4. Grant says:

    I heard this story once of a Brigadier that left a highly-sensitive report in a qantas club computer :)

    http://www.smh.com.au/news/national/kovco-report-lost-and-leaked/2006/05/17/1147545379230.html

    My favorite "goating" of unlocked computers is running clippy.exe see http://www.codinghorror.com/blog/archives/000997.html

  5. Gavin Rogers says:

    I think this photo neatly sums up the unfortunate axiom of computer and data security:

    "Your users will never care about security as much as you do."