September 30, 2005
By Colin Beasty, (former) Associate Editor, CRM Magazine

Unattended Computers Are Security Risks

Unattended computers pose as significant a threat to businesses as do outsider hackers, according to a new Gartner report, "Set Timeouts to Stop Abuse of Unattended PCs." A significant number of unauthorized accesses occur when someone sits down at another user's computer, facilitating access to sensitive data and bogus email messages, according to the report. Threats include unauthorized access to personnel data like salary information; unauthorized access to business information--even making changes to that information (it can mean covering up fraud and increasing bonuses or commissions by altering sales numbers). Another threat is the ability to bypass approval processes and employee access levels by using a superior's computer. "The excuse [that] 'someone else must have sat at my PC' has become...typical," says Jay Heiser, research vice president at Gartner. "That said, proving that this was the case is often challenging. Organizations are protecting their systems and personnel against external security threats, but failing to realize the very real risk that exists internally from something as basic as an unattended PC." "Unattended PCs represent the computer security equivalent of low-hanging fruit," Heiser says. "Sending emails in another person's name, even though it's done as a harmless prank, could have huge consequences. Something simple like that can lead to a major security breach, such as customer information." The threat of such risks can be mitigated if users could be relied upon to log out or lock their computers when they leave their desks, according to Heiser. A timeout limits the window of opportunity for the misuse of a user's active session. The disadvantage is that timeout standards lead to complaints from users about the inconvenience, though such resistance is lessened when they are informed that they can be held accountable for computer misuse originating from their usernames. Other technical solutions to this problem include authentication methods that incorporate proximity tokens that users wear around their necks and automatically log them out or lock the computer when they get too far away. These tokens work when computers are used to access critical applications, such as customer databases at hospitals and clinics. Heiser says: "There is little point in implementing some sort of sophisticated identity and access management system unless you can ensure that when people are logged in to systems, they stay at their PCs and ensure that they're secure when they leave." Related articles: The Top Three Business Security Threats

McAfee Is First in Business Security

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

Unattended Computers Are Security Risks

Contact Center Transformation with AI and Automation

Digital-First Customer Service in a Human World

Top 6 2024 Customer Experience Megatrends – What to Prioritize Now

More

Let's Get CX AI Ready: Shoot for 3 Practical Ways to Score CX Points

CDPs: Boosting Service, Marketing, and Sales

Contact Center Transformation with AI and Automation

How AI-Assisted Self-Service Can Transform Your CX

How AI Can Unlock the Voice of the Customer

More Web Events

Not All AI Copilots Are Created Equal

Designing Your AI-Ready Business

CX Innovation at Scale: Maximize Business Success by Using AI to Futureproof Your CX Activities

More