PCs
can be used to access another's email, send email in another's
name, or carry out all manner of dubious computer activities. The
claim "someone else must have sat at my PC" has already become a
typical defence to accusations of improper online behaviour, says
Gartner.
"Organisations are protecting their systems and personnel
against external security threats but failing to realise the very
real risks that exist internally from something as basic as an
unattended PC," said Jay Heiser, research vice president at
Gartner. "Relatively simple solutions are available to address the
problem but few organisations have implemented them."
The firm reckons that risks would be much lower if all users
could be relied upon to log out or lock their PCs when they leave
their desks.
A 'timeout' would limit the window of opportunity for the misuse
of a user's active sessions, but often results in complaints from
users about the inconvenience.
Another option is to use authentication methods that incorporate
"proximity" tokens. Users wear the tokens around their necks, and
the tokens automatically log the users out or lock their PCs when
they get too far away.
Mr Heiser concludes: "There is little point in implementing some
sort of sophisticated identity and access management system unless
you can ensure that when people are logged in to systems, they stay
at their PCs. Sloppy management of login sessions sends the wrong
message, but tight management – including a degree of user
inconvenience – sends the message 'user login sessions are
important and must be protected'."