Voir en

français

Computer Security: Free croissants for everyone

|

home.cern,Computers and Control Rooms
(Image: CERN)

“I am looking for a partner, either male or female, to attend salsa lessons with. I have a great body and enjoy rubbing it against other people on the dancefloor. I would consider dinner afterwards with the right person. If you think you can keep up with me and enjoy getting sweaty, send me a message” – this is a quote from a post made by one of our colleagues. Or so it would seem. It was actually made from their computer. Left alone and without the screen locked, its owner out for a coffee. And their office mates found it funny to take advantage of the situation. But is it funny? Or does it count as “mobbing”? In the end, it turned out, nobody was at ease anymore. Neither our colleague, nor their office mates.

And this is not the only case we have seen. In other sections, it is custom for unattended, unlocked computers to be used to send Mattermost messages to all colleagues in the name of the computer’s owner: “Stefan is bringing croissants for everyone tomorrow. Join him in his office.” Much funnier than above. But still, avoidable. Unattended, unlocked computers lurk everywhere. In offices, including the offices of group leaders! In the CERN library. In CERN’s restaurants. The owner having popped out for a coffee, lunch, smoke or toilet break. Unattended. Unlocked. Unprotected. Open house for everyone. And “salsa” or “croissants” might be the better tip of the iceberg. What about people snooping through your emails or private photos? What about them accessing the webpages you have open? Or the MERIT documents of your team? What if people were snooping in your emails looking for personal stuff? What about abuse of your CERN computing account? Have you considered that all these examples could involve your own personal data and that of other people? The iceberg is much larger. Just use your imagination…  

For this reason, we strongly encourage everyone to lock their computer with a password-protected screen lock when leaving the device unattended. “Windows-L” in Windows, “Control-Command-Q” on MacBooks and, probably, “Control-Alt-L” in Linux systems. You can also configure your computer to do this automatically after x minutes of inactivity (just search for "Screen Saver"-settings). If not, it will be free croissants for everyone. And you would have to count yourself lucky if that was the only consequence you had to face…

P.S. Obviously, “mobbing” is not just an abstract word. Neither is “stalking”. Both are a reality. Unfortunately, also at CERN. If you encounter mobbing or stalking, against yourself or a colleague, please report it to your manager or to the CERN Ombud.

Furthermore, do not hesitate to spread the word by downloading this poster prepared by the Data Privacy Coordination Committee. Don’t let personal data leak – when you leave your office even for a few minutes, please lock your screen!

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.