Out-Law / Your Daily Need-To-Know

Unattended PCs are putting company data and reputations at risk, according to Gartner. The analyst firm called on businesses to ensure that users are automatically logged out or that PCs are locked when they leave their desks.

PCs can be used to access another's email, send email in another's name, or carry out all manner of dubious computer activities. The claim "someone else must have sat at my PC" has already become a typical defence to accusations of improper online behaviour, says Gartner.

"Organisations are protecting their systems and personnel against external security threats but failing to realise the very real risks that exist internally from something as basic as an unattended PC," said Jay Heiser, research vice president at Gartner. "Relatively simple solutions are available to address the problem but few organisations have implemented them."

The firm reckons that risks would be much lower if all users could be relied upon to log out or lock their PCs when they leave their desks.

A 'timeout' would limit the window of opportunity for the misuse of a user's active sessions, but often results in complaints from users about the inconvenience.

Another option is to use authentication methods that incorporate "proximity" tokens. Users wear tokens around their necks, which automatically log them out or lock their PCs when they get too far away.

Mr Heiser concludes: "There is little point in implementing some sort of sophisticated identity and access management system unless you can ensure that when people are logged in to systems, they stay at their PCs. Sloppy management of login sessions sends the wrong message, but tight management – including a degree of user inconvenience – sends the message 'user login sessions are important and must be protected'."
