Written by Bradley Morrison

It is lunchtime! The team opt to leave the office for food after a productive morning in the office. When they arrive back, multiple members of staff report that the confidential documents they had been working on prior to lunch have been compromised. The common denominator was that employees failed to clear their desks when departing the office; the organisation is in need of a clear desk/clear screen policy.

So, what is a clear desk/clear screen policy?

Perhaps the simplest way to keep information safe is to comply with the ISO 27001 standard and the Data Protection Legislation by implementing a clear desk/clear screen policy. 

Why is this so simple? 

Because this policy facilitates exactly what it says on the tin; all you have to do to adhere is keep both your desk and screen clear, that’s it! 

Some top tips to accomplish best practices include: 

– Lock away sensitive information when leaving your desk unattended.   

– Lock your computer screen when leaving your desk unattended. 

– Lock away passwords and usernames on sticky notes after use. 

– Shred hardcopy documents that are no longer in use. 

– Erase/turn off sensitive information left in meeting rooms, such as electronic and physical whiteboards.

– Lock office doors when they are not in use.

– Retrieve documents immediately when using shared printing.

– Computer screens should be angled away from unauthorised persons when in use. 

This policy helps prevent the risk of security breaches in the workplace by ensuring that sensitive information, both hardcopy and electronic, are removed from the eyeline of unauthorised persons, reducing the likelihood of sensitive information being stolen, erased, modified and accessed. This policy is particularly of importance when you leave your desk unattended during breaks or at the end of the working day.

How do you implement a clear desk/screen policy?

– Documentation: Write up and embed your clear desk/clear screen policy for your company.  

– Accountability: Ensure all staff, including senior management within the company not only adhere to this policy but are also held accountable for how they handle sensitive information in relation to this policy.

– Training and awareness: All staff, including senior management, should attend training sessions on how to keep your desk tidy/clear and posters around the office are also encouraged to promote this policy, including the repercussions of non-compliance.

– Provide a secure environment: Provide secure equipment such as lockable cabinets/draws and restrict the use of a paper environment; there should be a strong enforcement of electronic documentation as they are safe and can be restricted on a need-to-know basis. 

– Ensure compliance: Managers in each department of your company should inspect that this policy is being adhered to on a daily basis. 

When you next nip out for a bite to eat, do consider the state of your desk before departure! 

If you want advice on how to implement a clear desk/clear screen policy for your company, Bivika offers toolkits, guidance, audits and policies to help you. Please do get in touch via info@bivika.com.