Having a clean desk policy is becoming more and more common these days. Now that many businesses are bringing employees back to the office, many of them are re-evaluating their IT & security policies. Instituting a clean desk policy is controversial in some circles, but it also clearly has its advantages. We spoke to the Chief Information Security Officer of Epignosis, Victor Kritakis, about why he sees this policy as a vital part of the company culture & security standard. Watch our interview below or read the full blog below.
How to Implement a Clean Desk Policy
A clean desk policy is when an employee gets up from the desk at any time, or leaves for the day, they must tidy up the work area and securely store any sensitive information. This doesn’t just apply to documents.
This also applies to storage media, cell phones, and external drives. Since many companies are moving to digital documents as opposed to physical ones, unattended media can pose a serious threat. Many employees use USB devices to store documents when transitioning between the home and the office. This also adds another layer of risk for a company. Every company must maintain strict guidelines to include storage media protocols. It’s also important to educate as much as possible.
Epignosis takes the clean desk policy even further, by adding a locked screen policy. This simply means that any time an employee is not at their desk, the screen should be locked and password protected. This policy keeps information secure from any unintended onlookers. This could be visitors to the office, employees who aren’t privy to that level of information, or even cleaning crews. You never know how might see something they aren’t supposed to.
Advantages of a Clean Desk Policy
There are numerous reasons why a company would want to institute a clean desk policy. Aside from aesthetic reasons, and keeping data secure, it can also help reduce the amount of paper used. Since many offices are operating in a hybrid fashion, it might make sense to use a cloud service to streamline operations. This limits who can access files, as well as eliminates the need to make multiple copies.
Another reason would be to meet compliance requirements or maintain organizational standards. As Victor explained, instituting the clean desk policy was instrumental and necessary for his company to achieve the ISO 27001 information security standard. Achieving these security standards is not easy, and it goes a long way to establish trust and credibility. Although there are over a dozen steps to achieve ISO 27001, it can’t be achieved without first having a clean desk policy. This ISO is just one way to let your clients know that their information is being handled with the utmost care.
Maintaining a Clean Desk Policy With Hybrid Workforces
A clean desk policy can be difficult to maintain in a hybrid environment. However, constant training and education is the key to keeping data secure. Training needs to be constant and practical. Nothing gets the point across like a real-world scenario.
A recent study found that 57% of employees admitted to writing passwords on sticky notes and leaving them on the desk. Of that number, over ⅔ admitted to losing the paper at some point. Even as of this writing, the Colonial Pipeline hack is thought to have been the result of a single password being compromised.
Victor says that the clean desk policy, in conjunction with other protocols, is essential for keeping his business secure. “Of course, we shred all documents” as one way of limiting exposure. Since Epignosis is a tech firm, they also try to use e-documents whenever possible which also helps them meet environmental benchmarks. Overall, the clean desk policy is essential. It’s a huge help to companies for security and compliance reasons. Every business has a policy of this nature and routinely updates and educates its employees.
Keep Your Data Secure With Shred Nations
We can help you find secure shredding in your area, and we partner with some of the top industry professionals for electronics destruction as well. Keeping your business secure starts from the top down, and as requirements change, so does technology. See how Shred Nations can keep you at the forefront of data management and security. For a free no-obligation quote fill out the form, use the live chat option, or give us a call at (800) 747-3365. You’ll receive a response in minutes from top specialists in your area.