Unattended PCs Security Risk Underestimated - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
9/30/2005
03:34 PM
50%
50%

Unattended PCs Security Risk Underestimated

Lonesome PCs pose a security risk that enterprises underestimate, a research firm said this week. Making matters worse, corporations just don't pay attention to the major security hazard of unattended workstations, according to Gartner research vice president Jay Heiser.

Lonesome PCs pose a security risk that enterprises underestimate, a research firm said this week. Making matters worse, corporations just don't pay attention to the major security hazard of unattended workstations, according to Gartner research vice president Jay Heiser.

"Organizations are protecting their systems and personnel against external security threats but failing to realize the very real risks that exist internally from something as basic as an unattended PC," said the U.K.-based Heiser in a statement. "Relatively simple solutions are available to address the problem but few organizations have implemented them."

From Gartner's perspective, a "significant number of unauthorized access events" happen in the workplace when someone sits in front of another's PC. The possible ramifications range from accessing sensitive data to sending e-mail or IM disguised as another employee. And the lack of protection makes it difficult to discipline workers for improper online activity when the excuse of 'someone else must have sat at my PC' can't be disproved.

"Unattended PCs represent the computer security equivalent of 'low-hanging fruit'," said Heiser.

The solution, said Heiser, would be to require workers to log out each time they leave their desk -- the 'timeout' could also be done automatically -- and log back in when they return. Then, the log-in password stands between seat-warmers and access to data and services they've no right to.

Trouble is, users hate logging off and on, and complain loudly to IT when such requirements are made. That could be mitigated, Heiser said, by making workers understand that they'll be held accountable for any computer mischief originating from their workstations or usernames.

"There's little point in implementing some sort of sophisticated identity and access management system unless you can ensure that when people are logged in to systems, they stay at their PCs," said Heiser. "Sloppy management of login sessions sends the wrong message, but tight management, including a degree of user inconvenience, sends the message 'user login sessions are important and must be protected'."

Heiser recommended that enterprises look at both technology and policy solutions, including "proximity" tokens, small devices worn around the neck that are also used for hands-off security door access. Used for PC security, proximity tokens automatically log off a user when he or she steps a defined distance from the computer.

"Tokens are appropriate wherever shared PCs are used to access critical applications, such as in hospitals and clinics," said Heiser. "Proximity tokens are convenient and particularly effective in preventing the 'someone else used my PC' defense common in call centers and on factory floors."

Although timeouts won't work in all situations -- fast reaction scenarios like stock trading would be among them -- Heiser believed that in most office situations, the practice would be "a simple and effective solution" to the security problem of unattended PCs.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll