Human Security Risks: The Unattended Workstation
When we work on our clients’ risk assessments, and when we prepare our own, one of the top “human” risks we find is an unattended workstation. An easy, cost-effective (no cost to you) mitigating control is simply to require that users either log out of or lock their computers when they walk away, whether during the work day or at the close of business.
Unattended workstations could tempt individuals to read information left on the screen, or worse, to use inappropriate credentials to gain unauthorized access to information. Such an incident could cause a breach of confidentiality, a loss of valuable information, or data integrity problems. If an employee leaves a workstation logged on or unlocked, other employees, customers, a member of the cleaning crew, etc. could obtain unauthorized access to nonpublic information (NPI).
Your Acceptable Use Policy should require that users lock their computers when they are unattended for short periods of time and log out of their computers when they will be gone for an extended period of time (if this doesn’t cause a conflict with updates).
To help you remind your employees to either lock or log out of their computers, here’s a security awareness reminder poster that you may print and either hand out to your employees or post in conspicuous locations: “When the Mice Are Away…”