Locking Computer Screens and Devices

ISO Position Paper

Position Title: Locking Computer Screens and Devices

Position Audience: Princeton IT Professionals

Contact: Information Security Office: InfoSec@princeton.edu

Position Release Date: February 6, 2018


Problem Statement

Unattended logged-in computers pose a security risk to personal and University data. Unlocked
workstations create an opportunity for unauthorized access, which could result in such activities as email
being sent from an individual’s account, file tampering, and/or downloading of sensitive data. The easiest
way to prevent unauthorized access to a computer is to lock it when it is not in use.

ISO Position

To increase data protection, the ISO recommends the following three steps for reducing information risk
to the University:
1. Set an automatic screen lock to a maximum of 15 minutes (or less) of inactivity.
2. Manually lock logged-in computers whenever they are left unattended.
3. Use a cable lock on portable devices.

Data classification: Public