Is Your Office Security in the Danger Zone?
A strong culture of office security has been described in various blogs as "both a mindset and a mode of operation” – and integrating different aspects of security into the workplace makes sense.
A well executed Clean Desk Policy is a good example of how employee mindset and secure workplace processes can work hand-in-hand to create better and more effective security across the board.
What is a Clean Desk Policy?
It is a communicated directive that requires employees to remove, lock away or securely dispose of confidential materials when the information is not in use, or when they’re away from their workstation. The desk and workstation must be clear of clutter (including post-it’s and business cards), work papers, and other information.
The policy also applies to electronic information, and increasingly security experts refer to a ‘Clear Screen Policy’. Confidential information stored on desktop hard drives and mobile devices such as laptops and smart phones may be at risk for visual hacking and theft.
How does a Clean Desk Policy help keep confidential information more secure in – and out of – the workplace?
- The policy is integrated into all aspects of the workplace including on-going training, security audits, IT processes such as password policies, and physical security such as lockable drawers. (Take this Clean Desk Policy Quiz to see how your office security fares.)
- The policy helps reduce insider fraud. When information a company handles has value outside the business, some people may be tempted to commit insider fraud. But a Clean Desk Policy reduces the opportunity.
- Compliance is enhanced. Organization policies are increasingly driven by information security compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLB).
- Employee error is less likely. The Verizon 2015 Data Breach Investigations Report showed that 55% of theft of workplace information occurred within the victim’s work area. But when the workplace is tidy and clear of papers, it’s easier to make sure that confidential information is not left out accidentally. Policies extend to common printers and fax machines, and meeting rooms too.
- A Clean Desk Policy is an effective team-building exercise. Seeing company-wide compliance – and it’s essential that higher level staff practice the policy too – strengthens everyone’s engagement and commitment.
- Employees are on watch. When employees are team-players and security aware, they tend to also be more aware of suspicious behavior in others – and will report it.
- Information security is 24/7. Once employees have clean desk habits, they’ll apply them outside the office too. The Verizon report showed that employee-owned vehicles (22% of incidents) are a common location for information theft to occur.
- Secure information disposal is a standard workplace process. When documents are no longer needed, they are securely disposed of in designated locked consoles. There is also a process for secure hard drive and e-media destruction. An information destruction partner provides secure on or off-site shredding services.
Take our Clean Desk Policy quiz to see where a Clean Desk Policy could help you!