You work for a small city IT department and you have a custo

You work for a small city IT department, and you have a customer who repeatedly violates security policy by walking away from his computer without first locking the desktop or logging off. The policy is in place to prevent an unauthorized person from gaining access to his computer and its sensitive data or from sending e-mails posing as the customer. What can you do to enforce company policy with this customer?

A. Talk to your supervisor and suggest your supervisor speak with the customer’s supervisor and have the customer advised of proper security behaviors.

B. Reprimand the customer directly.

C. Set the screensaver on his computer to activate when the computer is inactive for a very short time.

D. Set the screensaver on his computer to activate when the computer is inactive for a very short time and require a password to turn off the screensaver.

Solution

A and D. This isn’t a perfect solution, but sometimes you must constructively assist business customers who refuse to comply with company security standards through administrative channels. While having the screensaver lock the computer isn’t a perfect solution, it does apply some form of security should the user leave the computer while logged in. Additionally, if this is an Active Directory domain, you can use Group Policies to force the computer to lock the desktop if the computer is inactive for a certain period of time.