Keeping your computers safe

There are many reasons for the high incidence of computer server related crime:

• An increased demand for computers and their components, fuelled by fluctuations in legitimate supply due to manufacturing difficulties.
• The relative compact construction of modern computer servers has made them an attractive and lucrative commodity to the computer burglar. Combine this with the added bonus of demand outweighing supply, and the thief profits from a reported healthy 80% of current value on the black market.
• Computer technology is constantly developing; as a result the market place never becomes saturated.

There are certain steps that can be taken to reduce the risk of your company falling victim to one of these crimes.

Target hardening

• Buildings that have a glass outer structure should ensure that the glass is laminated to BS 7950. External doors should be fitted with a multiple locking system with locks that equal or exceed the strength requirements of BS 3621. Attention should also be given to fire exits; these doors should be alarmed or fitted with a locking device that conforms to fire regulations. (These exits are often used by smokers who wedge the doors open providing easy access to an opportunist thief).
• Buildings that have opening windows at ground floor level should ensure they are fitted with a key operated locking system. If the premises have been previously burgled by access gained from such a window, consideration should be given to a lockable internal grille.
• Buildings should be fitted with an alarm system, preferably linked to a central station. It should comply with the appropriate British Standard 4737 and be fitted by an accredited supplier.
• Computer server units should be placed in rooms which offer a high level of physical security. Doors to these rooms should be reinforced and comply with Loss Prevention Standard 1175 and should also be fitted with locks at least to BS 3621. The walls to these rooms should be of substantial construction and be floor to ceiling. One high value theft took place recently where the thieves jumped over a partition wall and removed an entire computer server system.

Reducing the pay off

If a computer server or component has a traceable marking it makes it more difficult to re-sell. This would make it a less attractive option for the computer thief. If one of the methods outlined below were to be adopted it would have to be backed up with appropriate signage; the message that the equipment is marked must be prominently displayed throughout the building. Any asset marking method must comply with Loss Prevention Council Standard 1225. Some of the more common marking methods in use are:

• Indelible postcode etching in a prominent position
• Unique chemical index solutions
• Microdot marking

Access control

As many of the thefts mentioned above were subject to the ‘walk-in’ or ‘tailgating’ modus operandi, access should be restricted wherever possible. This can be achieved by a variety of methods:

• By the use of a receptionist or front desk security
• The use of only one entrance
• Electronic entry system.

Companies should also have a policy that all visitors are met at reception and accompanied throughout their time on the premises.

A common problem identified lay with reception staff. Whether security guards or receptionists, they were reluctant to challenge unfamiliar personnel for identification because they felt that they were all too often treated dismissively by members of staff. This naturally reduces vigilance and provides assistance to the walk-in thief.

It is the responsibility of managers within companies to ensure, where applicable, that staff ID is prominently displayed and this rule should be incorporated into company policy. All visitors should be directed by signage to report to reception.

One major City institution further installed access control systems to the Main Equipment Room (MER). This involved floor to ceiling turnstiles with integrated biometric readers replacing existing doors controlled by entry keypad. This system of access control worked in two phases. Firstly a card reader gave access to the rotary gate which gave only a quarter turn. A fingerprint reader then gave access to a ‘sterile’ area before another card reader gave access to the MER. Once in the MER, exit was only possible by way of a card reader and only if that card was used to gain access. This was an additional measure to ensure that any equipment being delivered to the rear service access was supervised by authorised personnel, as only they could open the door from the inside. Health and safety measures had allowed for the use of a break-glass system to unlock all doors. This simultaneously sounded an alarm in the Security Control Room where staff could be deployed instantly. This may seem an extreme measure, but when you are protecting equipment up to £25 million the expense is warranted.

CCTV, if installed, should be checked to ensure it could identify any intruders within the building. Consideration should also be given to installing a camera inside the MER, to assist security staff monitor and identify any suspicious activity.

Although the above measures are not exhaustive, if implemented they would go a long way to reducing the chance of a high value computer theft at your company. If you require any specific information/advice on the security of your MER contact the City of London Crime Prevention Office on 020 7601 2482 / 2644.

You can contact us at csb@city-of-london.police.uk