Security: Implement Security Guidelines to Protect Sensitive Personal Data
5. Force appropriate session timeouts. A system or storage device should be idle for no more than 15 minutes before the user automatically is logged off the system.
6. Identify and eliminate inactive accounts. “Accounts of terminated employees and contractors should be shut down within 24 hours,” write the white paper’s authors. Additionally, be sure to regularly cross-check user accounts against human resources’ records to ensure that former employees’ access has been terminated.