If your workstation remains open and accessible, even the briefest absence can have significant consequences, far more serious than the classic jokes between colleagues.
Beware of the Empty Chair Policy
Leaving your workstation freely accessible when you step out of your office can have consequences far beyond the classic schoolboy joke between colleagues.
Every professional has seen this situation at work: an employee takes advantage of a colleague's brief absence to sit down at their workstation and send a fake email from their mailbox. The scenario usually goes no further than a simple and harmless office joke, but it reveals a major flaw in the security of the client workstation. What would happen if that machine were a workstation containing confidential information, research or plans for a product under development? Or if a malicious person accessed a privileged account and used it to introduce malware on the network?
The wolf in the sheepfold
The risks that these practices pose to the company's data and information system are considerable. Firewalls, IPS and VPNs will not help you if someone walks straight up to an open session that is already connected to the network. That person can then freely use the account left unattended to access applications and information. Setting up a few basic security rules can help to avoid many problems.
- Any employee who leaves their computer unattended, even for a few minutes, must always log off or lock the session with a password. This can be done very quickly by pressing the Windows and L keys simultaneously.
- For shared workstations, such as in schools, users will need to make sure they log off after completing their work.
- If the workstation is dedicated to data processing tasks that require it to be left unattended for long periods of time, it must be placed in a secure room.
- Everyone is responsible for actions taken from their workstation or user account.
Automate to not forget
However, awareness and training are not always sufficient. Whether inadvertent or malicious, human error is still the main source of security breaches. Users often forget to log out, or deliberately stay logged in during a short absence to avoid having to log in again. This is why training should be backed by technology.
- Very simple to set up: each workstation can be given a screen saver that activates automatically after a certain period of inactivity and requires a password when the machine comes out of standby. This period can be set via group policies, depending on the type of device. A mobile device, for example, is more exposed than a fixed PC and can have its standby triggered sooner. The icing on the cake: devices in standby consume less energy.
- Rules are made to be bypassed. There are applications that prevent devices from going to sleep. Care must be taken to prohibit and block these applications.
- The same principle can be applied when users connect to a network or application, especially when they access sensitive data. Any period of inactivity must lead to automatic disconnection and the obligation to re-enter credentials.
- To ensure a high level of security while making everyday life easier for users, it is possible to deploy a presence detection technology, which automatically locks the computer as soon as the user is no longer facing the screen. With a feature like Windows Hello, integrated with Windows 10, the user can then reopen the session without entering a password, thanks to iris recognition or facial recognition.
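To check that the screen saver rule from the first point above is actually in force on a given Windows machine, the following PowerShell audit reads the registry values that group policy writes and reports whether an idle session will lock. It is an added example, not part of the original article; the function names and the 600-second ceiling are assumptions chosen for illustration.

```powershell
# Added example, not from the article. The 600-second ceiling is an assumed threshold.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the setting is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-IdleLock {
    param([int]$MaxIdleSeconds = 600)

    $gpo  = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'  # set by Group Policy
    $user = 'HKCU:\Control Panel\Desktop'                                      # user-changeable
    $sys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'  # machine-wide

    $report = [ordered]@{}
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $enforced = Get-RegValue $gpo $name
        $value    = if ($null -ne $enforced) { $enforced } else { Get-RegValue $user $name }
        $report[$name] = [pscustomobject]@{ Value = $value; Enforced = ($null -ne $enforced) }
    }

    # Screen saver path: active, password on resume, timeout within the ceiling.
    $timeout = [int]$report['ScreenSaveTimeOut'].Value
    $saverOk = ($report['ScreenSaveActive'].Value -eq '1') -and
               ($report['ScreenSaverIsSecure'].Value -eq '1') -and
               ($timeout -gt 0) -and ($timeout -le $MaxIdleSeconds)
    # True only when all three values come from policy, so the user cannot relax them.
    $saverEnforced = -not ($report.Values | Where-Object { -not $_.Enforced })

    # Machine inactivity limit: locks the session regardless of screen saver settings.
    $limit   = [int](Get-RegValue $sys 'InactivityTimeoutSecs')
    $limitOk = ($limit -gt 0) -and ($limit -le $MaxIdleSeconds)

    [pscustomobject]@{
        ScreenSaverLocks       = $saverOk
        ScreenSaverEnforced    = $saverEnforced
        MachineInactivityLimit = $limit
        Compliant              = $limitOk -or ($saverOk -and $saverEnforced)
    }
}

Test-IdleLock | Format-List
```

A result where `ScreenSaverLocks` is true but `ScreenSaverEnforced` is false means the lock depends on a user preference that can be switched off, which is the gap group policy is meant to close.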