Secure Workstation Policy

Offices of all shapes and sizes have, in some configuration, a system of computers that employees use to complete their day-to-day operations. Whether the office has a group of desktop computers or provides laptops to its employees, the bottom line is that the company provides workstations for its staff members. In addition to providing workstations, companies need to establish a secure workstation policy. This multi-point policy should be established in keeping with IT best practices and to ensure that employees are safely and securely accessing a company network from their workstations.

Here are some aspects you may find in a secure workstation policy. Of course your policy needs to reflect your company’s goals and challenges; you can follow these as a guideline for establishing your own policy.

1) Automatic Lock-Out

With automatic lock-out, user accounts are locked out after a set number of failed attempts to log in (usually around 5 attempts). This keeps unauthorized users from having enough attempts to break into a workstation by guessing at, or trying out potentially compromised, user credentials.

2) Screen and Computer Locks

We’re not talking about physical padlocks for screens and computers. What we mean by screen and/or computer locks is a system policy that automatically either switches a desktop to a screen saver or completely locks the computer after a period of inactivity. In order for the user to unlock the system and log back in, he or she will be required to enter their user name and password.

Why is this important? Employees get pulled away from their desks for a variety of reasons. It could be getting pulled into an impromptu meeting, or heading down the hall to the break room for a cup of coffee and then getting sidetracked with a conversation with a colleague or superior. In these instances, screen/computer locks ensure that a workstation stops providing access once a user stops doing any activity on it. This helps to keep unwanted eyes off of the screen, away from sensitive information.

3) Single Terminal Server Sessions

All users working on a workstation are restricted to a single terminal server session. This means that if an employee leaves one computer that is logged onto the terminal server and logs in from another computer, the new login will take over the session from the original computer. This helps to make sure that the user operating a system is doing so with his or her own credentials. It also helps businesses track who is doing what and on which system since a user credential can only be used in one place at a time.

4) Data Transfer Restrictions

Companies can disable the ability to copy files from a computer to external media such as a USB flash drive. This works to ensure that all sensitive files and information remain inside the organization and not in the possession of one particular individual.
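The four controls above can be checked on a workstation with a short audit script. The following is an added example, not part of the original article: it assumes Windows workstations, an elevated PowerShell prompt, and a 15-minute idle limit (the article gives no idle period); the helper name `Get-RegValue` and the temporary file name are hypothetical.

```powershell
# Added example: audit the four policy points on a Windows workstation.
# Run elevated; "secedit /export" needs administrator rights.
$MaxFailedLogons = 5     # from the policy text ("usually around 5 attempts")
$MaxIdleSeconds  = 900   # assumption: the policy text gives no idle period

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (setting not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1) Automatic lock-out: export the local security policy, read LockoutBadCount.
#    A value of 0 means accounts are never locked out.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'   # hypothetical temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
$hit = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)' |
    Select-Object -First 1
$lockout = if ($hit) { [int]$hit.Matches[0].Groups[1].Value } else { 0 }
Remove-Item $cfg -ErrorAction SilentlyContinue

# 2) Screen/computer lock: "Interactive logon: Machine inactivity limit".
#    Absent or 0 means the machine never locks on idle.
$idle = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'

# 3) Single terminal server session: 1 restricts each user to one session.
$single = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fSingleSessionPerUser'

# 4) Data transfer restriction: 1 denies all access to removable storage.
#    Per-class write-only denials live in subkeys and are not checked here.
$usb = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All'

$results = @(
    [pscustomobject]@{ Control = '1) Automatic lock-out';      Value = $lockout
        Compliant = ($lockout -ge 1 -and $lockout -le $MaxFailedLogons) }
    [pscustomobject]@{ Control = '2) Screen/computer lock';    Value = $idle
        Compliant = ($idle -ge 1 -and $idle -le $MaxIdleSeconds) }
    [pscustomobject]@{ Control = '3) Single session per user'; Value = $single
        Compliant = ($single -eq 1) }
    [pscustomobject]@{ Control = '4) Removable storage denied'; Value = $usb
        Compliant = ($usb -eq 1) }
)
$results | Format-Table -AutoSize
```

An empty Value column means the setting is not configured on that machine, which the script reports as non-compliant.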

All businesses should have a secure workstation policy in place, as it is an IT security best practice. However, some companies are specifically required to have these types of policies in place in order to comply with certain industry regulations. For example, health organizations that are required to follow HIPAA guidelines and/or Health Information Technology for Economic and Clinical Health (HITECH) regulations, as well as companies in the payment card industry (PCI), all need to have a secure workstation policy in place due to these regulations. Failure to do so not only puts their data at risk, but a violation can cost the company a lot of money (such as a maximum of $100,000 fine for repeat HIPAA violations). Take steps now to secure your organization’s workstations; it definitely pays off in the long run.