9.4 Other People

Other people who have access to your system may not all have your
best interests in mind—or they may simply be ignorant of the
damage they can wreak. We've heard stories about
home environments where playmates of children have introduced viruses
into home office systems, and where spouses have scoured disks for
evidence of marital infidelity—and then trashed systems on
which they found it. In business environments, there are stories of
cleaning staff and office temps who have been caught sabotaging or
snooping on company computers.

You may not be able to choose your family, but you can have some
impact on who accesses the computers at your company location.
Contractors, vendors, and others may
all have temporary or semi-permanent access to your location and to
your systems. You should consider how everything we discussed earlier
can be applied to these people with temporary access. At the very
least, no one from the outside should be allowed unrestricted
physical access to your computer and network equipment.

Examples of people whose backgrounds should be examined include:

System operators and administrators
Workers and contractors who have access to the system
and maintenance personnel
Delivery personnel who have regular or unsupervised access
Auditors and other financial personnel

All personnel who do have access should be trained about security and
loss prevention and should be periodically retrained. Personnel
should also be briefed on incident response procedures and on the
penalties for security violations.

Don't forget your family! Whether you are protecting
a home system or occasionally have your kids visit your office, it is
important that they understand that the computer is not a toy. They
should be taught to leave business-critical machines and media alone.
Having strong passwords and screensavers in place can be a major
help. Additionally, teach your family members about not discussing
your business computing environment with strangers.