You can't secure what you don't acknowledge.SM

Tuesday, March 23, 2010

Users *have* to start locking their screens when working remotely

To continue on with the message in this previous post about users locking their screens while away from their computers I'm amazed at how naive people are with their computer usage in public places.

I see it practically every time I'm at a coffee shop - someone leaves his/her laptop sitting at the table while he/she goes out to take a phone call, use the restroom, smoke a cigarette, talk with an employee across the store and provides someone with ill-intent enough time to snatch the computer away or, in some cases, sit there and monkey around with the computer.

All it takes is about 60 seconds for someone to hop onto an unsecured computer, access sensitive files stored locally or via the corporate VPN and then delete them or email them out.

Combine this vulnerability with unencrypted hard drives and Microsoft's new always-on mobile intranet connection called DirectAccess and you've got yourself a big problem on your hands.

2 comments:

  1. Kevin, thanks for the post. I try and let my users know that it takes only a second to hit the "windows key + L" and it is locked. I am ashamed to say that I only got into the habit of doing that in the last year.

    ReplyDelete
  2. Thanks! I'm ashamed to say that I didn't know you could hit the windows key + L to do this! I've been using the old-school CTRL-ALT-DEL.

    ReplyDelete