Implementing a Clean Desk Policy

by | Apr 29, 2021 | Security

Your computer keyboard is dirtier than a toilet! The same is true of computer mice and smartphones. The evidence is clear: the dirtiest places are right at your fingertips. While microscopic germs like strep and E. coli are hiding seemingly all over your desk, there may be a greater danger in plain sight. Your desk may have been infested with…wait for it…confidential information! Seriously, it’s time to clean up your act.

Over time, bad habits can creep into your life. You wipe your nose, and then touch the keyboard. You change your password, and write the new one down on a Post-It note. The former may involve getting sick, but the latter may involve losing your business! You’ll recover from a cold, but will your business recover from a data breach?

The risk is real. Data breaches cost $3.8 million on average, so a great deal of resources are devoted to protecting against such breaches. But even the most sophisticated and expensive firewalls and computer systems can’t keep confidential information secure if users leave data lying all over their desks on reports, portable storage media, or sticky notes. While billions are spent on data security, keeping unattended desks in your office clear of confidential information is cheap, easy, and takes very little time.

Then create a written Clean Desk Policy that clearly states that confidential information must not be left in an unsecured manner on any unattended desk. This policy should complement the Physical Security Policy, Password Policy, and the Visitor Access Policy. There may be some overlap between policies; the important thing is that they are all in agreement. Once the policy has been stated, support the policy with unambiguous standards such as:

  • Passwords must not be written down.
  • Confidential data must not be written on Post-It notes and left in plain sight or accessible in an unlocked container.
  • Confidential information (including passwords) should never be written on whiteboards unless absolutely necessary, and then should be erased promptly.
  • Drawers and cabinets containing confidential information should be locked.
  • Printing confidential data should be discouraged unless absolutely necessary.
  • Confidential information printed on paper should be removed from the printer immediately.
  • Sensitive data printed on paper must be shredded after it is no longer needed or placed in locked shred bins for shredding at a later time.
  • Computer screens should be locked while the desk is unattended.
  • Laptops should be locked in a desk or cabinet, or secured with a cable to a stationary object, such as a desk.
  • Portable storage devices, including optical and magnetic media, should be locked up in a secured desk or cabinet.

Make sure the policy is communicated to all your employees. Let employees know they are accountable for staying in compliance with the policy and specify the consequences for non-compliance. Explain the expectations of the policy and what is at stake. Most employees will respond with willing cooperation. Not only will it make the workplace more secure, but an uncluttered work environment can also improve productivity and reduce stress, so it’s a win-win for everyone. And while you have your employees cleaning their work environment of confidential information, you might want to do something about those germy keyboards!