9/30/2005
03:34 PM

Unattended PCs Security Risk Underestimated

Lonesome PCs pose a security risk that enterprises underestimate, a research firm said this week. Making matters worse, corporations just don't pay attention to the major security hazard of unattended workstations, according to Gartner research vice president Jay Heiser.

"Organizations are protecting their systems and personnel against external security threats but failing to realize the very real risks that exist internally from something as basic as an unattended PC," said the U.K.-based Heiser in a statement. "Relatively simple solutions are available to address the problem but few organizations have implemented them."

From Gartner's perspective, a "significant number of unauthorized access events" happen in the workplace when someone sits in front of another's PC. The possible ramifications range from accessing sensitive data to sending e-mail or IM disguised as another employee. And the lack of protection makes it difficult to discipline workers for improper online activity when the excuse of 'someone else must have sat at my PC' can't be disproved.

"Unattended PCs represent the computer security equivalent of 'low-hanging fruit'," said Heiser.

The solution, said Heiser, would be to require workers to log out each time they leave their desk -- the 'timeout' could also be done automatically -- and log back in when they return. Then, the log-in password stands between seat-warmers and access to data and services they've no right to.

Trouble is, users hate logging off and on, and complain loudly to IT when such requirements are made. That could be mitigated, Heiser said, by making workers understand that they'll be held accountable for any computer mischief originating from their workstations or usernames.

"There's little point in implementing some sort of sophisticated identity and access management system unless you can ensure that when people are logged in to systems, they stay at their PCs," said Heiser. "Sloppy management of login sessions sends the wrong message, but tight management, including a degree of user inconvenience, sends the message 'user login sessions are important and must be protected'."

Heiser recommended that enterprises look at both technology and policy solutions, including "proximity" tokens, small devices worn around the neck that are also used for hands-off security door access. Used for PC security, proximity tokens automatically log off a user when he or she steps a defined distance from the computer.

"Tokens are appropriate wherever shared PCs are used to access critical applications, such as in hospitals and clinics," said Heiser. "Proximity tokens are convenient and particularly effective in preventing the 'someone else used my PC' defense common in call centers and on factory floors."

Although timeouts won't work in all situations -- fast reaction scenarios like stock trading would be among them -- Heiser believed that in most office situations, the practice would be "a simple and effective solution" to the security problem of unattended PCs.
