Companies must equip their PCs with 'timeouts' to prevent unauthorised people accessing sensitive information.
Analyst Gartner points out that "Someone must have sat at my PC" has become a common defence against accusations of improper online behaviour. Leaving PCs unattended, even for a short time, makes it easy for other people to read or even send personal emails, view salary information, or worse still, change business information with financial or legal consequences.
Although simple solutions are available to address the problem, few organisations have implemented them.
"Unattended PCs represent the computer security equivalent of 'low hanging fruit'," says Jay Heiser, research vice president at Gartner.
"Sloppy management of log-in sessions sends the wrong message, but tight management - including a degree of user inconvenience - sends the message [that] user log-in sessions are important and must be protected."
Gartner advises companies to combat the problem through a mix of policy and technology. "Proximity" tokens, which automatically log you out when you're too far from your desk, are one simple solution. These tokens are particularly appropriate for environments where shared PCs are used to access crucial applications. Examples include hospitals, call centres and factory floors.
Timeouts are effective in most office situations, although they are clearly inappropriate for areas like technical support, which need continuous display of information, or trading floors, where fast access to information is key.