We all know the feeling and frustration of losing something amongst the mess that can be our garage, travel bag, car, home or work station. And sometimes – quite often in fact – the loss turns out to be a theft, something we discover only after the fact because of the disorder. The solution? Clean up and clear away, especially at the workplace.
Having a clean desk at work is more than de-cluttering your space – it’s about keeping confidential information secure. Did you know that 55% of all theft at work occurs within the victim’s work area? A clean desk and clear screen policy reduces the risks of unauthorised access to, loss of and damage to information during and outside normal working hours. A five-minute coffee break can easily turn into an hour away from your desk. Meanwhile, your computer screen may be exposing sensitive data in plain view to all who pass by.
If your organisation places any value on the sensitive information it holds, a Clear Screen Policy should be implemented.
What is a Clean Desk and Clear Screen Policy?
The clean desk and clear screen policy refers to practices that ensure sensitive information, in both digital and physical format, and assets (e.g. notebooks, cellphones, tablets, etc.) are not left unprotected at personal and public workspaces when they are not in use, or when someone leaves their workstation, either for a short time or at the end of the day. A clear screen policy directs all your organisation’s employees to lock their computers when leaving their desk and to log off when leaving for an extended period of time. This ensures that the contents of the computer screen are protected from prying eyes and the computer is protected from unauthorised use. A clear screen policy and a clean desk policy work hand-in-hand to safeguard your organisation’s information.
Why is a Clean Desk and Clear Screen Policy Necessary?
With the popularity of open plan offices and shared computer workstations, there is a greater need to safeguard your organisation’s information. In addition, a clean desk and clear screen policy should be adopted because of the numerous benefits it can provide to your organisation. Here are three.
- Prevent Prying Eyes
Computers that are left logged on and unattended are a tempting target for prying eyes. For example, many employees entrusted with sensitive information often leave documents open in plain view and leave their desk for breaks. An individual in your accounting department may leave a document open exposing the hourly wages of all employees in the office.
- Prevent Unauthorised Access
A clear screen policy not only prevents curious passers-by from observing information they should not have access to, it also prevents unauthorised access. Computers left unattended provide the opportunity for malicious data input, modification, or deletion, for which the worker is often blamed.
- ISO 27001/17799 Compliance
A clean desk and clear screen policy is necessary for compliance with the global standard ISO 27001/17799. Get a head start on compliance by implementing these policies as soon as possible.
Some simple, low-tech clean desk and clear screen practices you can implement…
Use of locked areas: lockable drawers, archive cabinets, safes, and file rooms should be available to store information media (e.g., paper documents, USB flash drives, memory cards, etc.) or easily transportable devices (e.g., cellphones, tablets, and notebooks) when not required, or when there is no one to take care of them. Beyond the protection against unauthorised access, this measure can also protect information and assets against disasters such as a fire, earthquake, flood, or explosion.
Protection of devices and information systems: computers and similar devices should be positioned so that people passing by do not have a chance to look at their screens, and configured to use time-activated screen savers and password protection to minimise the chances that someone takes advantage of unattended equipment. Additionally, information systems should be logged off when not in use. At the end of the day the devices should be shut down, especially those that are network-connected (the less time a device is on, the less time there is for someone to try to access it).
Restriction on use of copy and printing technology: the use of printers, photocopiers, scanners, and cameras, for example, should be controlled, by reducing their quantity (the fewer units available, the fewer potential data leak points) or by the use of code functions that allow only authorised persons to have access to material sent to them. Any information sent to printers should be retrieved as soon as practicable.
Adoption of a paperless culture: documents should not be printed unnecessarily, and sticky notes should not be left on monitors or under keyboards. Remember, even little pieces of information may be sufficient for wrongdoers to discover aspects of your life, or of the organisation’s processes, that can help them to compromise information.
Disposal of information remaining in meeting rooms: all information on white boards should be erased and all pieces of paper used during a meeting should be subject to proper disposal (e.g., by using a shredder).
CybACADEMY courses powered by GoldPhish® educate employees on cyber risk and help build a more secure organisation with awareness training.
Our current FREE100 Campaign is aimed at helping smaller businesses get one step ahead of the cyber criminals with free awareness training.