Securing Unattended Workstations

Computer equipment which is logged on and unattended can present a tempting target for unscrupulous staff or third parties on the premises. However, all measures to make it secure should observe your Access Control Policy.

To view the related Policy click      


  • Unauthorised access of an unattended workstation can result in harmful or fraudulent entries, e.g. modification of data, fraudulent e-mail use, etc.

  • Make it mandatory to log off or, at least, 'Lock Workstation' or 'Lock Computer' when leaving a workstation unattended - even for a few minutes.
  • Implement an automatic (password protected) screen saver to run after a fixed time period of inactivity - say 1 minute.
  • Move the workstation to a secure area if its primary function is to process data while unattended. See Preparing Premises to Site Computers and Physical Access Controls.
  • For higher risk systems, and in addition to restricted physical access, consider further safeguards such as smart cards or biometric controls.
  • Implement a clear screen policy throughout your organisation to avoid opportunistic shoulder surfing.
  • Consider configuring the software program and network sessions to 'timeout' after a reasonable period of inactivity. See also Managing Network Access Controls.
  • In higher risk areas, or with sensitive information, consider applying disciplinary procedures.

Previous PageTop of this pageNext Page

Information Security Policies from US$595


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word


Next PageUpPrevious Page