Considering the sensitivity and importance of corporate knowledge and data in general, I can’t believe the degree of naïveté in some of these responses. And, while I agree that a few of the actions mentioned above might be extreme, the practice itself is a necessary evil. Most of the examples given would take far longer than the “30 seconds” cited by those complaining, so I think that exaggeration is also lending to a much more negative perception. Here’s my rule of thumb: I don’t lock my workstation if I’m in view of the area as I’ll know when someone enters my space, but if I go to lunch, the bathroom or across the floor to vending, I lock it.
Though the finance industry may have their specific, above-mentioned guidelines strictly designed for monitoring access, even more companies (if not All) have some form of security policy that includes a “need to know” confidentiality clause. This pertains not only to external entities, but your trusted co-workers. I’ve worked in a secure environment for the past several years and, as mentioned above, leaving my workstation unlocked is NOT an option. My clearance level may be above that of my co-worker. So, while they are allowed in the building, floor, and cubicle, they aren’t allowed to view certain documentation. To make it more complicated, I may never know what some of my co-workers’ clearance level is, which becomes irrelevant if I lock my workstation. The responsibility for security begins with ME. I’ve acted as SSO for several systems and I can assure you that the easiest and main point of access for most intrusions is at the individual security level, from inadequate password protection (too easy or taped to their monitor) to, you guessed it, leaving their workstation unlocked.
Even the Cum-Bay-Ah office environments glorified above probably aren’t as secure and friendly as the posters would lead us to believe. People are easily rubbed the wrong way, so a simple email inviting one co-worker over for a BBQ may seem innocent to you, but may leave another, uninvited co-worker feeling snubbed. He may not have done anything nefarious this time, but after having learned that you don’t like him enough to have him over to dinner and having time to stew over it, your next lunch excursion may be his opportunity to exact some sweet revenge on you by sending an email from your account letting your boss know exactly how you feel about him.
No personal information on your workstation, you say? What about your emails? None of those slip into the personal realm? What about things like annual performance evaluations, usually communicated via email? Think your co-worker would be satisfied to find you receive twice the salary to do half the work…even if that is only his perception?
If you don’t like it happening to you, then lock your workstation. If you can’t be bothered to follow through with such a massive inconvenience as locking your workstation, then report it. Why don’t you report it? Because the first question you’ll probably be asked is how they gained access. When I was told that the user left the machine unlocked, as a security officer my first response would always be to chastise that user. That would be followed by the question “what exactly do you expect me to do?” All the system logs will prove is that YOU were logged in; good luck attempting to invoke your SAAS 70 (which I believe more than assumes the Owner is acting responsibly and maintaining the fundamental security and access to said system by, yes you guessed it, locking the machine when they are not present).
We’ve most commonly referred to it as “getting bageled”. The first offense is usually a warning by way of email from their own account reminding them of the importance of network security and their role in it. On further lapses, the offender (and that is EXACTLY what the person NOT properly securing their workstation is) generously emails the office his intention to bring bagels (or donuts) for breakfast the next morning. Anything beyond that is usually a judgment call based on the relationship between the offender and the person catching him or the offender’s demeanor in general.
Judging by some of the uptight responses above, I’d guess most of these “pranks” are attempts at levity designed to help you remove the sticks from your behinds.