When we talk about protecting PCs, we need to discuss security as Defense in Depth. What we are saying here is that there are multiple layers of security that need to be implemented to properly and adequately protect your PCs. First, we need to determine how much protection we require. We usually make this type of determination by identifying what type of information is being stored on the PC and the criticality of the PC itself. If the PC is utilized to store very sensitive information than there should be more security controls implemented on this system. If the PC operates critical business functions, likewise, additional controls should be implemented accordingly.
Generally, we talk about security or protection in terms of rings. Each ring is inside the other ring and usually gets tighter and more detailed as the rings get smaller from within. On the outer ring or layer, we are looking at the physical protection surrounding the PC. We look at whether the PC is behind locked doors or open for anyone to use. Is the PC protected from the environment or electrical surges by being plugged in to surge protectors or UPS systems? One of the laws of security involve the actual physical control of the PC, if someone has physical access to your system, it is no longer your system.
The next ring or layer of security usually comes in the form of passwords. Does your PC require a strong password to log on to the system? Does your system automatically go into a password protected screensaver upon at least 15 minutes of inactivity? Do you lock your system if you leave your desk?
Along with passwords, do you have administrative rights on your local PC? Best security practices dictate that administrator accounts should be renamed and that the principle of least privileges should be in affect. This means that only the minimum amount of rights should be granted to a user to allow them to perform their job functions. Software should run in limited access modes and should not have administrator or system level authority.
If your system stores sensitive information, you may want to consider using encryption software to protect this information. There are many types of encryption solutions on the market each with their own pros and cons. You will have to decide which functionality you require and what type of protection level is reasonable for the type of information under protection.
Now that your PC has been locked down, it needs to be maintained. Your system requires to be updated for security patches and vulnerability patches depending on your operating system and software running on your PC. Vulnerabilities are discovered every day and there should be an automated system that will keep track of patches accordingly. For those of you that use Windows, be sure to set your PC to automatically download and install security updates as a measure of protection. Anti-virus software is also an essential tool on your PC and this type of software also needs to be updated regularly to maintain the best level of protection available.