Office security

Click the banner for the site map of NoticeBored.com, the information security awareness service

General office security links

General advice on a range of office security matters.

If your office is a mint, do try not to accidentally misplace $15m of gold, eh?

Worried about shoulder surfers reading your screen? There’s a new product from Oculis Labs that uses a webcam to track your eyes (blurring the display whenever you look away) and those of nosy neighbors (who are shown on the screen). Cool technology.

A woman mistakenly thinking she was about to be fired allegedly took revenge on her employer by going into the office late one evening and deleting data files worth $2.5m. Although the deleted data were later recovered, the potential remains for trusted insiders with access to corporate IT assets to cause enormously costly damage by sabotage.

An IT systems administrator having a bad day at the office (fearing that he was about to be laid off) planted a logic bomb in his employer's systems. He survived the round of redundancies but detonated the logic bomb anyway. Fortunately for all concerned, bugs in the code prevented it working properly. In court, he was found guilty, sentenced to 30 months' jail time and found liable for $81,200 in restitution.

NIST security standard SP800-114 is a 46-page User’s Guide to Securing External Devices for Telework and Remote Access covering aspects such as securely configuring and maintaining operating systems, using VPNs for remote access and backups.

When a vehicle maintenance contractor's car was stolen, thieves removed a clipboard with a sheet of paper listing access codes for pushbutton locks on 73 Police station yards in West London. Whether you use pushbutton or key locks or card access systems for your office, do you have adequate procedures in place in case the codes, keys or cards are lost or stolen?

Office security awareness video sampler from AIG.

A book review on Computer Security For The Home and Small Office by Thomas C. Greene is available elsewhere on this website (~ Read our book review US$24 from Amazon). Written by the Associate Editor of The Register, it is quite technical and biased but provides sound security advice, particularly for “SOHO” (Small Office/Home Office) setups.

Computer Security: 20 Things Every Employee Should Know - The Employee Handbook for Securing the Workplace by Ben Rothke is also reviewed on this site (~$8 from Amazon). It’s a neat little booklet summarizing computer security for ordinary employees, and covering many of the items included in this month’s module.

Some companies are evidently so confident in their physical security measures that they describe them in some detail on the Web. Disaster Solutions Management Ltd. for example, clearly explains the layered access controls protecting its data recovery center IT facility from the outer perimeter to the racks in the computer suite. Handy for some. “The widespread availability of sensitive information on corporate Web sites appears to have been largely overlooked by IT and security managers … Freely available on the Web, for example, are 3-D models of the exterior and limited portions of the interior of the Citigroup Inc. headquarters building in Manhattan …” (Computerworld).

The cost of encrypting data on laptops has been estimated at around $50 to $100 per machine. However this needs to be set against the cost of losing a laptop to theft and dealing with the aftermath - “in excess of $50,000” according to Matrix Capital Bank that had two laptops stolen from its HQ. If that cost is typical, laptop encryption is economic if it prevents theft of data from between one in 500 and one in 1,000 laptops. Given that a few percent of laptops go missing each year, the business case for encryption looks overwhelming to me.

General office security links

Related NoticeBored links collections