Even assuming that you've taken many of the measures mentioned so far in this hour, it is still important at all times to be aware when trying to ensure the security of a computer installation. The most important type of awareness in the case of physical security is access auditing. Access auditing is the process of knowing who has physical access to your machine and when. This list is important for two reasons:
If you understand who will have physical access to the machine, you can make some guesses with regard to the degree of suspicion and caution you should have.
If your system is ever compromised physically or stolen, having a ready list of individuals who had physical access to the computing environment can help to expedite the discovery of the responsible party.
Many users at this point think to themselves, "nobody but me has access to this machine!" Unfortunately, this is not always the case, especially in the small business setting. The list of individuals who have access to your equipment may include any of the following:
Landlords, property management personnel, or anyone else involved in the ownership or management of your business location.
Cleaning, maintenance, or janitorial personnel either hired by you or hired by building management or ownership.
Service workers, repairmen, and other individuals who are brought in on a limited or one-time basis to make repairs or to solve problems.
Delivery personnel, vending machine operators, or supply runners to whom you have given a door key for early-hour or after-hours work.
Any other employees or family members who have a key to the area either for after-hours work or because they live there.
Unfortunately, there is one last group of individuals you must also consider: any friends, acquaintances, or family members of those individuals already listedespecially those who regularly accompany those individuals on their rounds or to work.
As you can see, this list can quickly grow to involve individuals you may not have considered in relation to your computing equipment. If you find that your list is very large or that some of the individuals in question can't be fully trusted with your data or your equipment, stronger security measures are called for.
Keep this list up-to-date at all times. Be vigilant, or you may come to the office one day to find that your equipment is no longer working.