How and Why to Start Your Own Clean Desk Policy
An increasing number of workplaces in the U.K. are implementing a clean desk policy – and it’s not just about presenting a tidy image.
What is a clean desk policy?
It specifies how employees should keep their working space, and it’s one of the simplest ways to comply with privacy laws, emphasise information security in the workplace, and reduce the risk of a data breach and identity theft.
To introduce an office clean desk policy, it’s important to educate employees about what is required. Over time, clean desk policy requirements will become part of the workday.
Here is a checklist for keeping work spaces tidy – and secure.
Start of the workday
- Staff and others should plan work tasks when they arrive, gathering together only the documents and devices necessary to do the job.
- After viewing emails and opening needed documents, reduce or close pages on the screen.
- Try to always be aware of any confidential information being used. In the 2015 3M Visual Hacking Experiment by Ponemon, ‘contact lists and directories’, ‘customer/consumer information’, ‘financial, accounting and budgeting information’, and ‘access/login information’ were spotted and visually stolen most in the workplace.
- Use a simple filing system – so that documents are filed right away. Research has shown that loose paperwork leads to unauthorised access, theft and fraud.
- A good Document Management process also limits access to confidential data to those who need the information to do their jobs. Accountable information ‘owners’ are responsible for processing, storage, and secure disposal. The Data Protection Act (DPA) requires all organisations to ensure that personal information is kept secure. The penalty for non-compliance can be a fine up to £500,000.
Leaving the work space temporarily
- Do a quick scan of the work area, and remove and secure any visible sensitive information.
- Switch on the password-protected screen saver.
- Take printed documents that are no longer needed and put them into locked consoles provided by a document destruction partner for secure shredding. Eliminating waste and recycling bins is one of the easiest ways to reduce the risk of a security breach, according to the 2014 State of the Industry Report.
- Carry mobile devices, or secure them inside a drawer.
Other workday chores
- As far as practicable, when sensitive or confidential information is being worked on, close or minimise the window or lock the computer when unauthorised persons are nearby.
- Never leave confidential documents unattended on flip charts or whiteboards in meeting rooms. When the meeting is over, do not leave behind any confidential notes or information in plain view.
- In shared printer and fax machine areas, immediately remove all sensitive documents from equipment.
End of the day
- Clear desk of papers including post-it notes and paper that contain sensitive information.
- Log out of desktop computer, and shut it down.
- Store removable computer devices, DVDs, USB sticks, etc.
- Lock draws and filing cabinets, and store keys in a secure location.
Find out the level of document security in your organisation with this DIY information security checklist. Prevent security risks and ensure your data is secure by working with secure paper shredding services.