Copyright (c) 2002 by Jennifer Vesperman. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v0.4 or later (the latest version is presently available at http://www.opencontent.org/openpub/).
If an intruder gets physical access to a computer, they can easily gain access to the information stored on the computer. Methods range from simply tucking the computer under their arm and walking off with it to collect the data at leisure, to using a 'rescue disk' or some other method of starting the computer with no passwords, to removing the hard drive and starting it on their own computer, with full access to the information stored on the drive.
Most operating systems have some method of starting the computer with no passwords - this is intentional, because most organisations will lose or forget a critical password at some time. This can only be done when physically at the computer, however - the operating system designers rely on the user being aware of this fact, and securing the computer room.
There are methods, in most operating systems, of disabling the 'no password' start - if you choose to implement them, be extremely careful and document the passwords well. But secure the copy of the passwords.
Keep any computers which have sensitive information away from the general public. Use common sense - locked doors, locked windows and security systems are all readily available. Your local police department is likely to have up-to-date advice on realistic security for your area.
There are specialist devices available for attaching computers to desks, or for locking computer cases closed. If you (or your local police department) feel that that is warranted for your system, buy them and apply them. Just remember that you also need to prevent an intruder from actually reaching the computer in the first place - information can be stolen without moving the computer itself.