September 22, 2014

Implementing a Clean Desk Policy: 9 Key Actions You Can Take To Prevent a Data Breach

Over the years, there have been different arguments made for and against a clean desk policy in the workplace.

Some people say it stifles creativity, and de-personalises the workplace.

Others say it conveys an air of competence to outsiders, and helps make employees feel more organised.

Most recently, it has been given the thumbs up because it accommodates ‘hot desking’, i.e. using desks according to need rather than assigning permanent spots to individual staff members.

But the most important reason today for a clean desk policy is information security – and there’s no argument there.

By definition, a clean desk policy specifies how employees should leave their working space when they aren't there. Sensitive information must be protected at all times from anyone who may pass by, including other employees, cleaners, and office visitors.

Desks should be cleared of all papers, particularly those containing sensitive information such as personal details, account numbers and commercially sensitive data, plus any other non-essential documents and notes (including the ubiquitous post-its – in this digital age, why are people still so attached to them?!). The policy should also extend to sensitive information on computers.

In effect, a clean desk policy is one of the simplest ways to protect sensitive information and to reduce the risk of a data breach and identity theft.

A clean desk policy also helps organisations comply with information security regulations including the Data Protection Act.

Some of the key actions involved in implementing a clean desk policy:

  1. Put the policy into writing, and distribute copies to all employees.
  2. Be sure there is buy-in at the executive level. The senior team must follow and advocate the policy.
  3. Explain exactly what is expected of employees. For example, when away from the desk, all sensitive information must be removed from the desk surface and filed or locked up; also, switch on the computer’s password-protected screen saver.
  4. Make it part of the working day. Suggest employees start the day by planning and organising documents needed for their immediate work. Before leaving to attend a meeting or take a break, employees should do a quick check to see if there is sensitive information on the desk – and secure it. Always leave a clean, clear desk at the end of the day.
  5. Employees should be provided with clean desk tools. Equip desks with lockable drawers, or provide small lockable storage boxes so employees can lock up printed documents that may contain confidential data.
  6. Encourage electronic over paper documents when possible. Have a routine back-up system in place for secure electronic document management.
  7. Make it easy for employees to keep their desks free of paper by partnering with a document shredding company for document disposal. Locked consoles should be placed in convenient places in the office and documents should be shredded on a regular basis. Remind employees that sensitive documents should never be put into the waste or recycling bin.
  8. Provide friendly reminders. For example, add a tagline to email signatures such as ‘Please consider the environment before printing this email’. Hang up reminder signage in key areas of the office. Distribute desk tent cards containing a reminder of the policy.
  9. Appoint one or more employees to monitor office areas. There should be consequences for policy non-compliance!
