Having a clean desk policy is becoming more and more common these days. Now that many businesses are bringing employees back to the office, many of them are re-evaluating their IT & security policies. Instituting a clean desk policy is controversial in some circles, but it also clearly has its advantages. We spoke to the Chief Information Security Officer of Epignosis, Victor Kritakis, about why he sees this policy as a vital part of the company culture & security standard. Watch our interview below.
What is a Clean Desk Policy?
A clean desk policy is exactly what it sounds like. Any time an employee gets up from the desk, or leaves for the day, they must tidy up the work area and securely store any sensitive information. This doesn’t just apply to documents.
For Victor and his company, this also applies to storage media, cell phones, and external drives. Since many companies are moving to digital documents as opposed to physical, unattended media can pose a serious threat. Many employees use USB devices to store documents when transitioning between the home and the office. This also adds another layer of risk for a company.
Six out of ten employees say that they’re using unencrypted USB devices for work. Even more startling is that 48% of employees who lost a USB device didn’t notify management of the loss. It’s important that every company maintains strict guidelines that include storage media protocols. It’s also important to educate as much as possible. Victor makes it clear that training and education are the most important tools in his arsenal.
Epignosis takes the clean desk policy even further by adding a locked screen policy. This simply means that any time an employee is not at their desk, the screen should be locked and password protected. Victor explains that this policy keeps information secure from any unintended onlookers. This could be visitors to the office, employees that aren’t privy to that level of information, or even cleaning crews. You never know who might see something they aren’t supposed to.
Advantages of a Clean Desk Policy
There are numerous reasons why a company would want to institute a clean desk policy. Aside from aesthetic reasons, and keeping data secure, it can also help reduce the amount of paper used. Since many offices are operating in a hybrid fashion, it might make sense to use a cloud service to streamline operations. This limits who is able to access files, as well as eliminating the need to make multiple copies.
Another reason would be to meet compliance requirements or maintain organizational standards. As Victor explained, instituting the clean desk policy was instrumental and necessary for his company to achieve the ISO 27001 information security standard. Achieving these security standards is not easy, and it goes a long way to establish trust and credibility. Although there are over a dozen steps to achieve ISO 27001, it can’t be achieved without first having a clean desk policy. This ISO is just one way to let your clients know that their information is being handled with the utmost care.
Navigating Hybrid Workforces & Data Security
As Victor explained in our interview, the clean desk policy can be difficult to maintain in a hybrid environment. However, Victor believes that constant training and education are the key to keeping data secure. He doesn’t believe in penalizing employees for infractions, but rather in using these infractions as teachable moments.
“I like to do little audits,” he says. He goes around the office looking for sticky notes, or pieces of paper with sensitive information. “I steal them in some way, and put them in my office. When the employee looks for that piece of paper, they really understand the importance of the policy.” Training needs to be constant and practical. Nothing gets the point across like a real-world scenario.
A recent study found that 57% of employees admitted to writing passwords on sticky notes and leaving them on the desk. Of that number, over ⅔ admitted to losing the paper at some point. Even as of this writing, the Colonial Pipeline hack is thought to have been the result of a single password being compromised.
Victor says that the clean desk policy, in conjunction with other protocols, is essential for keeping his business secure. “Of course we shred all documents,” he says, as one way of limiting exposure. Since Epignosis is a tech firm, they also try to use e-documents whenever possible, which also helps them meet environmental benchmarks. Overall, Victor sees the clean desk policy as essential. He says it has been a huge help to his company for security and compliance reasons. He recommends that every business have a policy of this nature, and that it routinely update the policy and educate its employees.