September 06, 2016

Why Organisations Need a Clean Desk Policy

Now that the summer holidays are over and everyone’s getting back to regular work hours, it’s a good time to formalise a Clean Desk Policy in the office.

A clean desk is one of the simplest yet most effective safeguards that can significantly reduce the risk of a data breach.

A formal Clean Desk Policy directs employees to put away important paper and digital documents, confidential letters, binders, books, etc., when leaving workstations. The work area should also be clear of post-it notes and other papers that contain information such as user IDs, passwords, and any account numbers. Employees should hold onto access cards and keys.

How a Clean Desk Policy helps:

Culture of security: A Clean Desk Policy demonstrates to the entire workforce that the organisation is committed to information security. A strong security culture that is integrated into day-to-day thinking and decision-making results in “a near-impenetrable operation”, said a recent securityintelligence.com story.  

Visual hacking: Information thieves visually hack information from device screens in public places such as airports, parks, and coffee shops. This can happen in the office too. Employees must always be aware of their surroundings when working with confidential information. Avoid public WiFi for work data. Use privacy filters for device screens. There should be keyboard shortcuts to easily lock computers. In the office, employees should clear screens by logging off and/or shutting down computers when leaving the work area.

Insiders: In the 2016 Global Fraud Study by the Association of Certified Fraud Examiners, anti-fraud controls such as a Clean Desk Policy helped lower fraud losses and speed up detection. Fraud losses were 14.3%–54% lower, and frauds were detected 33.3%–50% more quickly. The median loss for all fraud in the study was the equivalent of over £114,000, with 23.2% of cases causing losses of over £760,000.

Data Protection Laws: A Clean Desk Policy helps an organisation to comply with data protection laws that govern the protection of all information from creation to end of life. 

Loose papers: Ridding the office and mobile workspace of loose paper presents a tidier, more professional image, and it also removes the opportunity to steal information. Partner with a document destruction company that provides locked consoles throughout the workplace for documents that are no longer needed.

Mobile devices: A Clean Desk Policy instructs employees to lock away mobile devices before leaving the desk area. The mobile workforce should never leave devices unattended or in full view in vehicles. Research has shown the top spots for hacking mobile devices are cafes, planes, buses and other transportation locales, cars, and hotels.

How to implement a Clean Desk Policy:

  • Create a written document.
  • Communicate it to all employees during ongoing training.
  • Use reminders such as email signatures.
  • Provide lockable storage at employees’ desks.
  • Encourage electronic documents where appropriate.
  • Implement a Shred-it all Policy so all documents must be securely destroyed when they are no longer needed.
  • Partner with a reliable document destruction company to ensure all documents are securely destroyed and then sent for recycling.

Don’t risk becoming a victim of fraud or identity theft. Put an information security policy in place.