Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

The Benefits of a Clean Desk Policy

Cybersecurity Assessments

We all have our own ways of creating our perfect work environment.

Some of us like to have photos of family on our desks, some of us like the minimalist look, and then there are those of us who must delve through several layers of old Post-It notes and play coffee cup chess before we can find anything on our desk.

Now it's pertinent to mention at this juncture that there is a school of thought that says that a "messy desk means a clear mind." However, when it comes to the world of security and privacy, this sentiment goes out the window.

We may have our web access firewalls configured, our database security perfect, and our desktop security policies in place, but if an employee leaves a Post-It note with their password on it lying around, it may all be for nothing.

In this article, I'll talk about what exactly a clean desk policy is, along with the top 5 benefits of implementing one, so that you'll better understand if this is something you should introduce to your organization.

What is a Clean Desk Policy?

Only part of an overall company security strategy, a clean desk policy is about keeping your work desk clean. In general, this will mandate that at the end of each working day, employees clear their desks. This means, for example:

  • Securely disposing of Post-It notes;
  • Keeping written notes in a safe place; and
  • Ensuring that any removable media isn’t just lying around.

Keeping desks clear of clutter is less about making the office look smart and more about preventing the theft of sensitive information, or preventing unauthorized access to a desktop because a carelessly left-out paper note has a password written on it.

Top 5 Benefits of a Clean Desk Policy

There are a number of things you can do to create a clean desk policy that is simple to implement, but why should you actually make the effort?

Here are the top advantages that come with requiring clean desks:

Benefit #1: Clean = Green = Cheap

First, a clean desk policy encourages the use of digital documents as opposed to hard copy ones.

This strengthens the paperless office and helps us to be greener – the average North American uses around seven trees per year in the form of paper. It also, by default, cuts down on costs too as U.S. companies spend around $120 billion a year on form printing.

Benefit #2: Sensitive Information is Kept in Control

But actually, the most obvious benefit of a clean desk policy is that you'll better control sensitive information since it won't be lying around for all to see. 

Some periphery items to remember to include in your policy include:

  • USB keys: Should be locked away at the end of each day to prevent opportunist theft of data.
  • Printers: Should be checked to ensure documents are not left on or beside the printer.
  • Meeting rooms: Should be cleared out at the end of each meeting and double-checked at the end of the day.

Benefit #3: Helps with Compliance

If you're in the process or considering ISO 27001 certification, that information security standard actually requires a clean desk policy. So, if you implement one, this will help your current certification efforts and will carry weight in the future if you're still just considering ISO 27001 compliance.

Not only that, but implementing such a policy will also help you comply with other industry standards, such as the Health Insurance Accountability and Portability Act (HIPAA).

Benefit #4: Keeps Your Company Secure

A clean desk policy should advocate that passwords are never written down on Post-It notes. Password management should be done as a separate company policyperhaps using password managersbut not leaving them so readily accessible is a must.

Ad hoc password management is like leaving the keys to your office in the street with a sign saying, “please feel free to use these keys to this company right here!”

Benefit #5: Looks Good

Aside from all the security benefits, having a clean desk policy also keeps your office space free of clutter. In today’s modern open-plan office, this is especially welcome.

Clean desks prevent annoying mess, the smell of old paper, and any leftover food from building up. By mandating them, you'll generally create a more positive place to work in.

A Clean Desk Policy Equals Attention to Security

When you look around your office at the variety of ways your employees use their desk space, it may seem like an uphill struggle to implement a clean desk policy. But the benefits of taking this step are clear—they cut across everything from:

  • Improved security
  • Protection of privacy
  • Helping with security compliance
  • Making your office a nice place to be

Encouraging your employees to buy into a clean desk policy will benefit both themselves and your organization, but that's not the only thing you can do to improve your security. To learn more, check out our other articles that provide in-depth tips on other facets of cybersecurity:

About AVANI DESAI

Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.