In two of my previous posts about information security, I tackled a list of topics on improving and hardening your personal information and work from home security. But now, with organizations trying to bring their workforce back to their offices, employers and employees have to face some new threats to information and cyber security. Of course, you can easily apply all of these easy-to-implement tips to improve cyber security in the workplace and make your corporate office a safer space.
Many employees used the opportunity to work from home. With that, organizations needed to shift their expectations of conducting business solely in one controlled location. Now, with people continuing to return to the office, businesses are confronted to adopt a new, hybrid work model. With that shift, increasing security and privacy concerns have been thrown into the spotlight. One of the biggest concerns, indicated by employees using co-working spaces, is privacy. A survey on co-working challenges states, that 48% of workers find the lack of privacy an issue that impacts their day-to-day use of these areas.
Clean Desk Policy – The Key to Improved Cyber Security in the Workplace
The topmost important thing to keep your shared workspace or workplace safe is keeping it clean. A Clean Desk Policy is an implementation requirement of ISO 27001, the leading international standard focused on information security. Also, businesses have to implement Clean Desktop Policies in order to comply with regulations like HIPAA, SEC, NIST, or CMMC.
What is a Clean Desk Policy
Implementing a Clean Desk Policy ensures that all important documents, confidential letters, binders, books, etc are removed from a desk. For example, you have to lock away such items if they are unused or you leave your workstation. A Clean Desk Policy is one of the top strategies to utilize when trying to reduce the risk of security breaches.
By having a clean desk, you not only eliminate clutter but also help prevent the likelihood that anyone can gain access to your company’s information or the information of your clients. So, even if your company has not implemented a Clean Desk Policy yet, we strongly ask you to follow the basic principles of a clean desk.
Making a Clean Desk Policy Work
Having the tools you need to make the policy work is crucial. A lockable storage to store items is essential. Of equal importance is a reliable and routine backup system for keeping electronic documents safe, and designated lockable shred bins will aid in following the policy. The same applies to remote and hybrid work. Make sure to have the tools at home to effectively secure items and documents. The rules of a Clean Desktop Policy should encourage a neat, clutter-free work environment. E.g. this means the working areas should not contain:
- Post-it notes
- Information like User IDs or Password
- Account numbers
- Personal identifiable information (PII)
- Client information
- All kinds of loose papers and printed documents that may contain confidential data
You should consequently put away nonessential items and documents, whenever an extended absence from your workplace is anticipated. Likewise, securing documents and electronic media at the end of the workday will also help mitigate some of the risks associated with leaving information unprotected. Always keep your access cards and keys with you and do not share them. In case an item is lost or stolen it is essential that you notify the responsible person or department immediately.
Implementing a Clean Desk Policy
If you want to implement a Clean Desk Policy, it is important to get everyone in your company on board. Furthermore, everyone from the CEO down to the newest hire should be required to adhere to the policy. Every employee handles information that could compromise the organization. It is crucial to let all of your employees know how to follow the policy and its importance. Also, the consequences of disregarding the policy should be clear. On some occasions, the policy may need to be adjusted to include specific language about abiding by the Clean Desk Policy at home.
A Clean Desk Policy should be available as a formal written document. If your company has such a policy, it is highly recommended that you study it closely. Sometimes, spot checks will be conducted, to ensure, that the policy is being followed.
It is a good practice to improve the cyber security in the workplace to create a list of basic items that are allowed at workstations. This may help to maintain a clean workspace more easily. Knowing what items are allowed on the desk might help better understand the policy. It also might improve efficiency on the end-of-day clean-ups. Such a list might include items like
- Phones
- Network connectivity devices
- PC / Laptop
- Inbox / outbox
- Pens
- Staples
- Clear folders
As has been noted, the principles of a clean desk are an essential contribution to information security and data protection. Especially when working in a shared workspace or workplace. If you want to get some ideas about what is written into such policies, here is a short list of example Clean Desk Policies.
- Focal Point Data Risk – clean desk template
- University of Cincinatti – clean desk policy
- Usecure – clean desk policy
Be one of those observant employees, one of those who always notices when something breaks. Being observant will help you to prevent danger, problems, and many other things that can happen at your workplace.
Certain things might not seem unsafe to everyone, but these things can often end up overlooked and forgotten. If you notice anything unsafe at your work, it is your responsibility to report it to your supervisor.
Do not think you are doing a bad thing by reporting something significantly hazardous, you might be actually saving lives or the future of your organization by doing so. There are many things you can find to be unsafe, talking about those things and sharing your thoughts about them will probably help out finding a way to improve and come up with a solution in no time. Maybe there is another employee who has the same thoughts as you, together you can come up with great solutions and maybe even encourage others to speak out.
Rules and Policies for a Better Cyber Security in the Workplace
Your company has rules and policies for a reason, if you never took the time to read them and you simply have no idea what they are about, get to it right now! Rules are something everyone agrees on, it is a list of things you need to respect in order to keep you and your co-workers safe at all times.
You can never know whether you might be doing something wrong; you can be doing something extremely dangerous and risky without even knowing how dangerous it truly is. Safety rules and policies will make it all clearer for you and you should follow them no matter the situation!