How To Practice Physical Computer Security
We spend a lot of time (rightfully) worried about how to protect ourselves from digital attacks. Viruses, malware, account hacking, and a hundred other dangers lurk just beyond our Ethernet ports.
Which means it's easy to forget that someone can just walk up to your computer and tamper with it. Hacking it in person. Failing that, they can just pick it up and walk away with it!
The loss of a personal computer is more than just a financial hit. If the person who gets their hands on it manages to get at your data, you could be in real trouble.
The worst-case is if someone is actually trying to damage your privacy and tampers with your computer. This is bad mainly because you won't notice anything and just start using the computer again. In which case you may be blithely handing personal information over to whoever messed with your machine. So how can you ensure the physical security of your computer? I have some advice just for the occasion.
The Golden Rule: Lock Your Computer!
If your computer is in a place that other people can access it, heck even if it isn't, make a point of locking the machine when you aren't using it.
By this I mean you should lock the operating system so that a password is needed to access your computer. I've seen many people just pop to the bathroom for a few minutes and leave their computer completely undefended. In that time someone can easily read your emails, copy files to a drive or whatever else they like.
You should also not use an administrator account as your main account for this very same reason.
Use a Physical Security Key
Image Courtesy of Gizmodo
In the olden days, computers actually had physical locks that would prevent people from starting them up. We've come a long way from those crude methods. Now you can use a smart card or a USB security key to ensure only you can use the computer.
You can make your own USB security key or buy professional ones like the Google Titan key. This is a highly-secure measure against in-person computer tampering when combined with encryption.
Try to avoid biometric unlock options. Biometrics have numerous flaws that make them unsuitable for serious security purposes. If someone compromises your biometric signature, by copying your fingerprint to a capacitive material, then you either need a more sophisticated sensor or different fingerprints!
While that is a bit far-fetched, the real reason to avoid biometrics is the risk of being forced to unlock your computer. Law enforcement, for example, might simply place your finger on the scanner. While they can’t do the same with a password.
You should also know that a security still needs to be paired with a password, so even if someone gets your key, they still only have half the needed credentials.
Encryption and BIOS Passwords
Your hard drive is the real treasure for privacy invaders. With physical access to your computer, this component can be removed in minutes. So it's important to encrypt your hard drive. This way it will be worthless even if stolen. Without your password, it’s just gibberish.
You should also set a BIOS password so that someone can’t use a USB boot disc to access your computer data that way.
Check the USB Ports!
It’s a good idea to make a habit of checking your USB ports when you come back to your computer. There are hardware keyloggers and other dangerous anti-privacy devices that can monitor you while using your PC.
Check for devices that you don’t recognize. Also, check if there’s something weird about your existing device plugs. Some of these devices act as pass-throughs and go on the ends of existing USB devices.
If you find something like this, remove it and have the computer checked for malware and viruses.
Use a Physical Computer Lock
This is the most low-tech solution, but it can be the most important. For desktop computers, you may want to padlock the chassis so that no one can open it and remove components like the hard drive. You can also get security cables for both laptops and desktop machines. These connect to a special connector embedded in a nearby wall or glued to your desk. The cable is resistant to bolt-cutter and very tough to remove.
Install a Tamper Alarm
You could also consider an alarm that will go off if the computer is bumped or otherwise messed with. Other alarm options include proximity alarms that let you know if the computer is moved out of a certain zone.
Some computer chassis have an alarm sensor built in which works with the BIOS to alert you if the case has been opened.
Tablets and Phones
While this article is mainly about desktop and laptop computers, many people now use tablets and smartphones as primary computing devices.
The best way to physically secure these is to keep them on you. If you can't, you should lock them in a drawer or other safe place.
The rule with biometrics is true here as well. Rather rely on a passcode.
Finally, some new phones and tablets will unlock within a certain GPS zone or when in range of another trusted Bluetooth device. Don't enable this either, since it means that someone can access your hardware while you're close by. But not where you can see them.
Protecting Your Own
These are some of the most practical ways to keep your computer physically safe, but I'm sure our readers have come up with their own creative ideas.
Let us know in the comments of your own physical security tips and how you make sure someone can't compromise your privacy in-person while you're not looking! Also, don’t forget to follow us on Facebook and Twitter. Thanks!