Unattended Workstation Standards

Never leave your workstation unattended!

Computers are most vulnerable when the user is logged into the network then leaves it unattended. It is possible for unauthorized access to applications to result in modification of data, fraudulent use of Emory resources, etc.

  • When leaving a workstation unattended, even if only for a few minutes, users should log off or lock their workstation with a password.
  • Implement an automatic, password protected screen saver to run after a maximum of 5 minutes of inactivity.
  • Terminate active sessions when finished, unless these sessions can be secured by an appropriate lock.
  • Log off all systems and networks as sessions are finished.
  • System administrators should configure system processes to automatically logoff or disable processing ability without subsequent reauthorization when pc/terminals are left unattended in physically unsecured areas (enable screensavers with password protection).
  • Move the workstation to a secure area if its primary function is to process data while unattended.
  • Those responsible for applications containing sensitive data should configure the software program and network sessions to 'timeout' after a reasonable period of inactivity.