What should you do when a coworker leaves their computer logged in and unattended?
Most companies have written policies (sometimes automatically enforced) that dictate a minimum time after which a password-protected screen saver has to be triggered, but to keep the system usable that timeout in my experience is often 10-15 minutes; better than nothing, but still quite a while to leave a computer unprotected.
Responsible colleagues will see an unlocked computer and, wanting to protect valuable corporate information, will sometimes want to take action to resolve this heinous occurrence. But what action should they take?
A good coworker will probably do the responsible thing, approach your computer and engage the screen saver for you. Windows makes this very easy – Windows-L does the trick nice and quickly for example. This is the “proper” response.
At one company my standard response for a while was to open up a full screen Notepad window and type a message in it along these lines, using whatever official-sounding company-specific terms would make it as plausible-sounding as possible:
WARNING: Your computer has been left unattended and unlocked in contravention of the Corporate Security Policy. This incident has been noted and forwarded to your manager for processing. When you read this message please immediately contact Corporate Security on x1234.
And then I would lock the computer, like a good drone should. This had a roughly 50% success rate of getting the victim to call the Security team who would undoubtedly spend a few minutes trying to figure out why on earth the victim was calling them and what on earth they were talking about, during which time everybody who knew what had happened was trying to stifle their laughter, often quite badly.
The Downright Hilarious
The funniest solution I’ve seen mixes direct punishment with peer pressure to both make a point and to attempt to change future behavior.
You know when a victim has been discovered because “they” send an email to the group distribution list with the Subject “I feel pretty…” The body of the email usually contains “Oh so pretty!” The response to seeing such an email usually starts with “Oh jeez, not again…” and can deteriorate rapidly downhill from there, especially for repeat offenders.
I have no idea which genius came up with this, but every time I have seen one of those emails I have laughed out loud and been cruelly ear-wormed with that song. It’s the perfect solution to a common problem. Naturally, once the email has been sent, the victim’s computer is locked for them, so both humiliation and security see a win.
What do you do? I need more ideas, because this isn’t a problem that’s going to go away quickly!
When I was an intern at IBM, standard policy said to lock your desktop if you walked away for more than 30 seconds. Since this was Windows NT4/2000 days, auto-lock was unreliable at best.
IBM had just standardized on using Lotus Sametime as the internal IM protocol. Most people had Sametime running in the background with huge buddy lists of anyone they didn’t want to walk down the hallway to speak to. Sametime also enabled the ability to send a broadcast message to the entire buddy list.
The pranksters in my department would see an unlocked computer and send an nonsense message to the entire buddy list. Something along the lines of “I am a meat popsicle” or “I shave yaks with safety scissors”. When we all got a popup of that nature, we knew who left their PC unlocked.
Security was gradually increased as the yak shaving incidents were curtailed.
Humiliation seems to be a winning tactic here! Thanks for sharing, Tom!
CTRL+ALT+DOWN works a treat on Windows machines!
Things can make more sense after doing that, for sure. 😉
I normally send out a meeting request to the group that the person who left their machine unlocked that they are paying for lunch at an expensive restaurant. Then delete the message sent, and then lock their computer… they learn very quickly.
I think you may have just solved my lunch dilemma for next week. Thank you!
I’ve heard stories of people emailing resignation letters to their direct managers because locking their computer was too hard.
A coworker once left his account logged into a computer in one of our larger meeting rooms. I was stuck on a conference call for the next hour, so I decided to start creating meeting invites. Random days, random times across the next 10 years. Most of them were setup to be repeating as well.
He is still finding them over a year later. But I think he learned his lesson.