Employees leaving their computers unattended with active sessions running pose security threat to businesses, says research firm Gartner. The company highlighted the risks of insider attacks associated with active computers.
Gartner’s research shows that when someone uses another user’s computer, the possibility of unauthorized access to sensitive data, altering business information and bypass common approval processes is extremely high. Further more, employees use the “Someone else must have sat at my PC” excuse as defense to accusation of improper online behavior.
“Organizations are protecting their systems and personnel against external security threats but failing to realize the very real risks that exist internally from something as basic as an unattended PC,” said Jay Heiser, research vice president at Gartner. “Relatively simple solutions are available to address the problem but few organizations have implemented them.
Analysts advised companies to implement a time-out policy for all end-users. Policies such as locking down computers whenever they are no in use or hiding sensitive information from the screen display when no using the computer.
“There is little point in implementing some sort of sophisticated identity and access management system unless you can ensure that when people are logged in to systems, they stay at their PCs. Sloppy management of login sessions sends the wrong message, but tight management – including a degree of user inconvenience – sends the message ´user login sessions are important and must be protected´,” added Heiser.