Printer Friendly

The perils of personal computers.


WHAT BEGAN AS A HOME computing fad--microcomputers--started cropping up on desks across the country. And, before corporate America realized what was happening, microcomputers were being loaded with corporate data. All kinds of information found its way onto the floppy diskettes and other magnetic storage media employed by these miniature computer systems. With the advent of sophisticated software applications and spreadsheets, budgetary, payroll, tax, and profit information found its way into desktop computers. In a brief span of time, businesses started to rely on these systems.

Traditionally, vital corporate information was locked away in secure cabinets, file rooms, and safes. Computer processing of vital corporate data was centralized in a corporate computer facility where physical access was strictly controlled. Gradually, however, the data center security manager realized that control over automated corporate data had been lost.

The problem here is not so much the advent of the personal computer (PC), or microcomputer, as it is the lack of recognition on the part of corporate management and users of the dangers these devices introduce to the workplace. Management has failed to recognize that by allowing microcomputers to connect to mainframes they were handing out far too many keys to the kingdom. Users have failed to realize they are now extensions of the traditional data processing centers where corporate security systems and protections were formerly concentrated. Many users do not realize that by moving vital corporate data onto the storage media of their desktop systems they are assuming the responsibilities of a data center security manager.

Removing corporate data from the safety of the central computer facility means the individual employee becomes responsible. Employees must either protect the data in their PC work area or put the data in jeopardy of loss, compromise, or unauthorized modification.

Many businesses still ignore the problem, thrashing about seeking affordable solutions. Some companies have chosen to avoid the issue by forbidding the connection of microcomputers to their mainframe systems and limiting the kinds of information that may be stored on the few desktop systems they have. This approach, while effective at protecting mainframe data, sacrifices many of the benefits possible through the proper and controlled use of PCs. Nevertheless, many corporations have decided their information is too valuable to expose to the risks represented by the microcomputer.

What are some of these risks? The following are some of the most serious security considerations associated with PCs.

Access control. Generally, anyone who sits down at an unprotected microcomputer has full access to all data stored either on its internal disk drive (if so equipped) or on its floppy diskettes (if they are available). Adding to this problem is the fact that in many departments, microcomputer systems are shared by two or more employees. Various vendors offer effective computer access control software and hardware products, some of which are not particularly expensive. However, many companies do not use them.

Auditability. Microcomputers do not contain the detailed activity logs or audit trails that mainframe computer systems do. However, many commercially available products satisfy this need. Generally, the same product will also provide access control and often data encryption. Unfortunately, these products are budget items that are usually deferred due to higher priority, profit-making ventures.

Portability. Microcomputers are portable by design. Although some of the larger desktop models might present some problems, even they are easily transported if separated into their various components (monitor, keyboard, printer, central processing unit, and often cassette tape units and external disk units). Because of their portability, microcomputer systems are highly sought after.

In many corporations, microcomputer equipment is purchased outside the channels normally used for capital acquisitions. Often these acquisitions are never entered on the corporate inventory of computer equipment. When these systems disappear from the work-place, they are not reported missing because of their uninventoried status.

Here again, numerous antitheft products can render microcomputer equipment less accessible by affixing it to larger, heavier items of office equipment, or, less desirable, by setting off window-shattering alarms. These devices range from the very inexpensive--providing minimal protection--to the more elaborate devices providing absolute protection. Many businesses are reluctant to use these devices for reasons of aesthetics (it would look tacky), morale (the employees would think they're not trusted), warranty concerns (it might invalidate the maintenance warranty), and furniture rental agreements (it might damage the desk).

Power requirements. Most companies, after having their entire data processing department brought to its knees by sudden power outages, power surges, and power fluctuations, expend large sums of money to install uninterruptible power sources for their mainframe computer systems. This same defense is not always considered for the microcomputer environment.

A power fluctuation lasting less than a second can cause all manner of disconcerting things to happen. The data may disappear, the PC operating system may require rebooting, delicate read/write heads on disk drives can be damaged, and memory components can be trashed. However, the damage possible from electrical power problems can be minimized, if not avoided entirely. Applicable products range from minimal protection against spikes and power surges to elaborate uninterruptible power supplies for one or more PCs.

Disaster recovery. Employees should regularly copy their projects onto diskettes and store them in safe places. Backing up PC data is the best way to ensure recoverability from a disaster. While most computer users are aware they should do this frequently it is often put off until the unthinkable happens.

Storing backups in a desk is not recommended. Ideally, each department should maintain a fire-resistant, waterproof storage cabinet or file for securing the backed-up data from the PCs. While no special software is required on most office-sized microcomputer systems to copy files onto diskettes, some vendors offer specialized software and hardware products for backing up PC data.

This is but a brief exposure to the many hazards and vulnerabilities of depending on the power and convenience of microcomputer systems. Recognizing these vulnerabilities gives companies the power to protect themselves from becoming hapless victims.

The security of microcomputers is the responsibility of each and every user in the office. However, those responsible for data security should examine the company's approach to information protection and make sure users understand the many dangers.

About the Author . . . Al Foster is data security administrator for US West Corporate Information Services, Englewood Data Center, Englewood, CO. He is a member of ASIS.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:special section - Computer-Information Security: Getting the Protection You Need; includes related article
Author:Foster, Al; Schweitzer, James A.
Publication:Security Management
Date:Mar 1, 1989
Previous Article:Take it from the top.
Next Article:An inside job.

Related Articles
Data security.
Internet security: perceptions and solutions.
Privacy vs. cybersecurity: the advantages of doing business over the Internet are tremendous--but only if enterprises can ensure exchanging...
Securing online transactions: crime prevention is the key.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters