Physical access to computers and information security resources is a tremendous advantage for an attacker or malicious insider. Here are some things you can do to secure work areas and resources.
Work Area Access
- Control access to all areas containing valuable assets (e.g., building access, electrical closets, server rooms, workstations and work areas with sensitive information, etc.)
- Audit all access to sensitive areas
- Make it easy to identify "who is allowed where". For sensitive areas, consider using special badges that indicate the proper access privilege.
- Use human guards, key-pads, proximity badges, biometric devices, etc.
- Test your controls. Just as with electronic controls, physical controls should be tested periodically.
- Question/report strangers in your work area to a supervisor or building security
- Protect confidential or sensitive materials from being viewed by others (e.g., on desks, printers, fax machines, etc.)
There's no simpler way of accessing someone's account than by just using their unsecured workstation. Prevent unauthorized access to your workstation.
- Use screen savers that activate within a maximum of 15 minutes of no keyboard or mouse activity. It's very easy to get pulled into impromptu meetings and auto-locking helps mitigate the risk of an unattended workstation.
- Lock your workstation when you leave it. Press CTRL+ALT+DELETE, then select "Lock this computer".
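To check that a Windows workstation meets the 15-minute limit above, the current user's screen saver settings can be read from the registry. This script is an added example, not part of the original page. It assumes the standard Windows screen saver registry values, and its check that resuming requires a password is an added assumption that goes beyond the timeout the page states.

```powershell
# Added example: audit the current user's screen saver settings against the
# 15-minute limit. Group Policy values take precedence over user preferences.
$MaxSeconds = 15 * 60
$paths = @(
    'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',  # Group Policy
    'HKCU:\Control Panel\Desktop'                                       # user preference
)

function Get-EffectiveValue {
    param([string]$Name)
    foreach ($p in $paths) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [string]$item.$Name; Source = $p }
        }
    }
    return $null   # not configured in either location
}

$active  = Get-EffectiveValue 'ScreenSaveActive'
$timeout = Get-EffectiveValue 'ScreenSaveTimeOut'     # stored in seconds
$secure  = Get-EffectiveValue 'ScreenSaverIsSecure'   # assumption: lock on resume is required
$exe     = Get-EffectiveValue 'SCRNSAVE.EXE'

$findings = @()
if (-not $active -or $active.Value -ne '1') {
    $findings += 'Screen saver is not enabled.'
}
if (-not $exe -or [string]::IsNullOrWhiteSpace($exe.Value)) {
    $findings += 'No screen saver is selected, so the timeout never takes effect.'
}
$seconds = 0
if (-not $timeout -or -not [int]::TryParse($timeout.Value, [ref]$seconds) -or $seconds -le 0) {
    $findings += 'No screen saver timeout is configured.'
} elseif ($seconds -gt $MaxSeconds) {
    $findings += "Timeout is $seconds seconds; the limit is $MaxSeconds seconds."
}
if (-not $secure -or $secure.Value -ne '1') {
    $findings += 'Resuming from the screen saver does not require a password.'
}

if ($findings.Count -eq 0) {
    Write-Output "Compliant: screen saver locks after $seconds seconds."
} else {
    $findings | ForEach-Object { Write-Output "Finding: $_" }
}
```

The script only reads settings for the user running it, so it needs no administrative rights.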