Security risks associated with PCs:
i) PCs are likely to be shifted from one location to another or even taken outside the organization.
ii) Decentralized purchasing of PCs can result in hardware/software incompatibility in the long run.
iii) Floppies can be very conveniently transported from one place to another, as a result of which data corruption may occur. Mishandling, improper storage, etc. can also cause damage.
iv) The inherent data security provided is rather poor.
v) There is a chance that application software is not thoroughly tested.
vi) Segregation of duties is not possible, owing to limited number of staff.
vii) The operating staff may not be adequately trained.
viii) Computer viruses can slow down the system, corrupt data and so on.
The security measures that could be exercised are as follows:
i) Physically locking the keyboard or the PC itself must be enforced.
ii) Proper logging of equipment shifting must be done.
iii) The PC purchases must be centrally coordinated and company-wide standards established for spreadsheets, word-processors, application software, etc.
iv) Floppies must be stored in secured places and their issues duly authorized. They must be adequately packed before any shipment.
v) Data and programs on hard disks must be secured using hardware/software mechanisms. Backups must be taken regularly.
vi) Minimum standards must be set for developing, testing and documenting applications.
vii) Properly organized training programs must be periodically conducted. More than once user should be trained on each application.
viii) Virus prevention and detection software obtained from reliable sources must be used. Write- protect tabs should be used on diskettes that do not require any alteration. Pirated software should be strictly avoided.
ix) The PCs and their peripherals must be maintained regularly.
x) While the proliferation of powerful PCs in recent years has its own plus points, the associated risks must not be ignored. Thus implementing effective controls is of prime importance.