Unattended PC is a security risk

If you leave your car running with the doors unlocked, somebody can take off with it. If you leave your PC while it is still turned on and you're still logged in, somebody could sit down and at your desk and mess with it.

That seems obvious to me, but apparently it isn't that obvious to everybody. The technology researchers at Gartner felt the need to call out "the risks of insider attacks associated with employees leaving their PCs unattended with active sessions running."

According to Gartner, a significant number of unauthorised access events occur when someone sits down at another user's computer. The analysts suggest businesses use "timeouts" for all PCs to ensure that users are automatically logged out or that PCs are locked, to minimize the risk of insider attacks.

"Someone else must have sat at my PC" is a typical defense to accusations of improper online behavior, according to Gartner. This excuse won't fly if companies take measures, it said.


Story by Joris Evers, News.Com

 

I notice some people at work use screensavers w/passsword - is this considered pretty safe? In these cases, the person is away for a little break or other short period of time.

-rich
________________
~~Be ALERT!!! ~~

 

Windows + L

 

It's not safe.

The password can be bypassed by restarting the computer

 

??

-rich
________________
~~Be ALERT!!! ~~

 

I hadn't thought about that. But if the user has a password to permit booting, no one else can (easily) get in... I think...

-rich
________________
~~Be ALERT!!! ~~

 

Locking Windows

 

Well if the guy has physical access,and they are determined they can do all kinds of ****. Even if it is not on!

 

Exactly... I don't get all this talk about what people in your office can do to your PC while you're not there... protecting a computer with a logon password, no matter how strong, is just utterly worthless if the attacker has physical access. Physical access means that he can WITH NO PROBLEM WHATSOEVER read and modify the data on the computer, he just needs to take the disk and attach it to another PC. You would need at least to have a whole-disk encryption protection and to physically check that everything is in the right place every time to provide some kind of protection against people who can physically access your PC.

 

It's all about making it more trouble than it's worth for the backstabbing coworker or curious janitor (in an office situation). Make them really have to work for it.
A lockable case, security cable attached to the desk, and a BIOS boot and setup password are not super high security. But they will cause enough trouble for malcontents with physical access as to make them look for an easier target.
At the very least it will slow them down.
If the data is sensitive, definately encrypt it.
You can also put the hard drive in a mobile rack and take it with you.
These measures are cheap to implement and cause little inconvenience in day to day operations.

 

While I can not disagree with the physical access comments....I would have no problem at all answering your question that a screensaver in the work environment I am in is more than adequate and I would gander a guess that it is more than adequate for most work environments.