ISO Position Paper
Position Title: Locking Computer Screens and Devices
Position Audience: Princeton IT Professionals
Contact: Information Security Office: InfoSec@princeton.edu
Position Release Date: February 6, 2018
Unattended logged-in computers pose a security risk to personal and University data. Unlocked
workstations create an opportunity for unauthorized access, which could result in such activities as email
being sent from an individual’s account, file tampering, and/or downloading of sensitive data. The easiest
way to prevent unauthorized access to a computer is to lock it when it is not in use.
To increase data protection, the ISO recommends the following three steps for reducing information risk
to the University:
1. Set an automatic screen lock to a maximum of 15 minutes (or less) of inactivity.
2. Manually lock logged-in computers whenever they are left unattended.
3. Use a cable lock on portable devices.
Data classification: Public