Problem solve Get help with specific problems with your technologies, process and projects.

Setting a policy for laptop screensaver timeouts

I am the information security officer for a firm that has many salesmen in the field who use laptops as part of their client advising process. Are you aware of any study that gives guidelines for how high or low to set screensaver timeouts? Absent any kind of behavioral study, this decision seems to be made from the gut.
I'm not aware of any study, but one could certainly exist. The general best practice is to set the timeout so that it can provide adequate security and not be inconvenient to the user. I would suggest anwhere from 10-20 minutes. An even more critical issue to is train (and require) your users to lock their screens when they leave their PCs. If they're using Windows, that's just a matter of two quick steps: press Ctrl-Alt-Del and Enter (to select the Lock Computer option).
For more more info on this topic, visit these SearchSecurity.com resources:
  • Best Web Links: Mobile/handheld security
  • White papers
  • This was last published in October 2003

    Dig Deeper on Endpoint protection and client security