The importance of protecting your business from your users
People think Im joking when I say to them that they need to protect the users from themselves.
A couple of weeks ago I was travelling through Seattle and while waiting in the lounge there I 
saw this sad situation. Yes its an abandoned laptop. Its owner has taken off upstairs for a drink - unfortunately he also left his screen unlocked for anyone to access. Want a turn anyone?? :)
Unfortunately its something that's all too common - laptops abandoned in airports and public places.
What can you do to prevent this?
1. EDUCATE YOUR USERS! I've said it before. Nothing replaces a good user education. They need to be told just how serious it is to leave a machine like this and what the data theft implications are aside from physical theft of the machine itself. (Note: BitLocker cant protect the user in this situation)
2. Reinforce through policy. How many years has screensaver timeout policy been in the product? Set a reasonable screen save timeout that forces them to logon again once it activates. Its just good layered security that minimises (though doesn't eliminate) risk.
Any of you have good stories to share on this? :)
Comments
Anonymous
January 01, 2003
Absolutely correct Gavin! Another reason why you need to help them care by enforcing the caring! :)Anonymous
January 01, 2003
I read this article from Angus today with much amusement. Apparently Vista is more insecure than WindowsAnonymous
January 01, 2003
The comment has been removedAnonymous
March 08, 2008
The comment has been removedAnonymous
March 10, 2008
I think this photo neatly sums up the unfortunate axiom of computer and data security: "Your users will never care about security as much as you do."