We all have our own ways of creating our perfect working environment. Some of us like to have photos of family on our desks, some of us like the minimal look, and then there are those of us who must delve through several layers of old Post It notes and play coffee cup chess before we can find anything on our desk. Now, it is pertinent to mention at this juncture, that there is a school of thought that says that a ‘messy desk means a clear mind’. However, when it comes to the world of security and privacy, this sentiment goes out of the window. We may have our web access firewalls configured, our database security perfect, and our desktop security policies in place, but if an employee leaves a Post It note with their password on, lying around, it may all be for nothing.
A Clean Desk Policy Equals Attention to Security
A clean desk policy is part of an overall company security strategy. It is, as it states, about keeping your work desk clean. In general, a clean desk policy will mandate that at the end of each working day, that employees clear their desk. This means, for example, securely disposing of Post It notes, keeping written notes in a safe place, and ensuring that any removable media isn’t just lying around.
Keeping desks clear of clutter is less about making the office look smart, and more about preventing the theft of sensitive information, or gaining access to a desktop because a carelessly left out paper note has a password written on it.
Getting to Grips with a Clean Desk Policy - 5 Top Benefits
The ISO 27001 information security standard directs us to use a clean desk policy. If you do so, this carries weight towards ISO 27001 compliance. There are a number of things you can do to create a clean desk policy that is simple to implement and have great benefits. Here are my top 5 tips to the benefits of a clean desk:
Benefit #1 Clean = Green = Cheap:
A clean desk policy encourages the use of digital documents as opposed to hard copy ones. This encourages the paperless office and helps us to be greener – the average North American using around seven trees per year in the form of paper. It also, by default, cuts down on costs too as U.S. companies spend around $120 billion a year on form printing.
Benefit #2 Sensitive information is kept in control:
The most obvious benefit of a clean desk policy is that you will control sensitive information from lying around for all to see. Periphery items, like USB keys, should be locked away at the end of each day, preventing opportunist theft of data. Printers should be checked to make sure documents are not left on or beside the printer. Meeting rooms should be cleared out at the end of each meeting and double-checked at the end of the day.
Benefit #3 Help with compliance:
As mentioned earlier, keeping a clean desk policy in place has the added benefit of helping you meet the requirements of ISO 27001. It also helps you comply with other industry standards such as the Health Insurance Accountability and Portability Act (HIPAA).
Benefit #4 Keeping your company secure:
A clean desk policy should advocate that passwords are never written down on Post It notes. Password management should be done as a separate company policy, perhaps using password managers. Ad hoc password management is like leaving the keys to your office in the street with a sign saying, “please feel free to use these keys at the company over the road”
Benefit #5 Looking good:
Having a clean desk policy has the result of making the office space free of clutter. In today’s modern open plan office this is especially welcome. It removes annoying mess and prevents the smell of old paper and food building up. A clean desk policy just generally creates a more positive place to work in.
When you look around your office at the variety of ways your employees use their desk space it may seem like an uphill struggle to implement a clean desk policy. But the benefits of taking this step, cut across everything from improved security to protection of privacy, helping with security compliance, and making the office a nice place to be. Encouraging your employees to buy into a clean desk policy will benefit both themselves and your organization.
About AVANI DESAI
Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.