April 28, 2016

Clean Desk Policy: A Winner in Information Security

There are still lots of questions about the Panama Papers, the massive leak of over 11 million documents related to the tax affairs of the world’s rich and famous.

At the same time, cyber security experts warn that this kind of scandalous data breach will happen again because the issue of protecting information from being leaked, hacked, and otherwise stolen is far from being figured out.

While there is so much focus on cyber security (and rightly so, with everyone’s reliance on computers), it’s also important to implement physical safeguards, including secure office storage.  

In a recent post that revealed the top mistakes that lead to a security breach, cyber security provider Adeliarisk identified ‘not having a Clean Desk Policy’ as the third most common mistake (‘no encryption’ and ‘no laptop security training’ ranked 1 and 2).

What is a Clean Desk Policy?

The policy instructs employees to clear visible information from desks and offices at the end of every workday, and to be conscientious about protecting information throughout the day.

There is an increased risk of information theft, fraud or security breach when confidential information is in full view on monitors, in paper documents on a desk, and even on Post-it notes. The 2015 Data Breach Investigations Report showed that 55% of theft in a workplace occurred within the victim’s work area.

Adeliarisk, which specializes in healthcare security, explained that patients might pick up information as they leave a work area, inside fraudsters (co-workers) might steal information that has been left out, or thieves may simply break into the workplace and steal it.

Here are some guidelines for implementing a Clean Desk Policy.

  • Make it official: Put the policy in writing and distribute it to all employees. This information should be part of on-going security awareness training. For the mobile workforce, emphasize the importance of protecting information at all times.
     
  • Top-down commitment: The policy must be adopted by the C-suite and shared throughout the organization. Some workplaces ask employees to read and sign copies of the Clean Desk Policy document.
     
  • Reminders: Use employee communications such as newsletters, e-alerts and posters to remind everyone to protect confidential information. Many workplaces use email signatures for this purpose.
     
  • Provide supports: Provide secure office storage, such as lockable desk drawers and storage areas, so that employees systematically safeguard digital and paper documents. Install privacy filters on computers.
     
  • Embed information security: Partner with a professional document destruction company that provides a secure chain of custody and document shredding services for paper documents as well as hard drives and e-media. The company should replace recycling bins with locked containers so that when documents are no longer needed, they are securely stored until security-trained professionals retrieve them for secure destruction. Introduce a Shred-it all Policy too, so that all documents are destroyed when they are no longer needed and employees do not have to decide what is or isn’t confidential.

Don’t take chances. Commit to data security best practices in your workplace with a Clean Desk Policy.