Today there’s a very different working landscape. Gone are the days of all employees coming into the office and working a 9-5 shift. Flexible hours and hybrid working has become the norm and as businesses downsize and reduce the number of physical desks in an office, hot desking has become more commonplace. This new style of working can increase your company’s security risks and this is exactly why a clear desk policy is more relevant than ever.
Find out why a robust policy can be so effective and read through our clean desk policy checklist to help you plan how to implement one in your workplace. At a time when cybercrime is getting more sophisticated, it’s important to work from the ground up to keep your business protected.
What is a Clean Desk Policy?
Although it may not feel like it, our work desks can hold a host of information that could be used to conduct cybertheft. From notes we’ve jotted down on a Post-it, to a USB stick popped into a desk tidy or a birthday card which could reveal an important clue to a password, a workstation can harbour far more information than you might think.
A clean desk policy is a set of instructions that your employees can follow to make their desks less of a security threat. It instructs them to remove personal items and sensitive business documentation from their desks whenever they’ll be leaving for an extended period. This could be at the end of the working day, or when another team member will be hot desking at their workstation.
The policy should clearly detail how these items should be dealt with. This will range from taking personal effects home, to shredding documentation or filing it securely. By removing items that could be used to source important information, a clear desk policy reduces the company’s risk of data theft and all the consequences of this.
ISO Compliance and GDPR in the Workplace
If your company is ISO compliant, you’ll be particularly interested in upholding a clean desk policy. IT security is one of the standards covered by the ISO guidelines, notably those relating to ISO 27001. This refers to the international standard for privacy and information security.
Although ISO guidelines are not mandatory, businesses must all comply with GDPR (General Data Protection Regulation), regarding the storage and disposal of sensitive data. Again, a robust policy will make sure your employees are adhering to these rules and keeping data safe.
The Surprising Benefits of a Clean Desk Policy
The great news for business owners and managers is that a clean desk policy offers multiple benefits. By explaining these before sending a clean desk policy pdf out to all employees, you’ll help everyone understand the implications of the actions that are being asked of them.
You can discuss the following benefits with your workforce:
- Improved security and ISO and GDPR compliance – no worker wants to be responsible for causing a data breach, identity theft, or a cyber-attack. Remember, whether the information is stolen physically or digitally, a company could be fined 4% of its annual turnover under EU GDPR rules. Sadly, these incidents often occur because an employee accidentally leaves vital information available for a criminal to utilise. You cannot be sure that a fellow employee, visitor to the office, client or cleaner isn’t looking for data to use for criminal means. Employees should also remember that the type of information available on their desks could also be used directly against them in a cybercrime. This fact can serve as a motivator to encourage them to adhere to the guidelines of the policy.
- Improved efficiency in the workplace – in practical terms, an uncluttered desk improves productivity. We feel more stressed in a messy environment because we are overloaded with visual stimuli. A clean desk policy checklist gives employees clear guidance regarding when and how they should deal with sensitive documents, notes, USB sticks and other items. This makes it easy for them to follow the steps and keep their desk both tidy and secure.
- Saving time and money – as a result of improved efficiency, the policy will also reduce the time spent looking for both paper and digital documents. Often, the policy will call for the use of more digital documentation, thereby reducing the use (and costs) of printing, copying and mailing paper documents. This also has the benefit of making your workplace more environmentally friendly.
- A smart office – when any visitor comes to the office, they’ll receive a far better impression if the desks are neat and tidy. It speaks of employees who are meticulous and organised in their work, which is what prospective clients want to see. Furthermore, with many businesspeople being aware of the security risks associated with desks, those in the know will be delighted to see desks complying with clear desk policies.
The Physical Clean vs. The Virtual Clean
Your employees must understand that to keep information and data secure, they will need to keep their desks both physically clean and virtually clean. Owners and managers need to be mindful of the varying scales of understanding among staff (no matter how competent they are in their role) regarding virtual cleaning.
Make sure those who need guidance are shown how to perform virtual cleaning tasks on their work computer, from email management to complete deletion of sensitive and retired files.
When it comes to physically cleaning desks, your policy must be very clear about the management of sensitive files and documents to prevent the accidental shredding of material or the retention of documents in an unsafe setting, such as a filing shelf rather than a locked cabinet.
Clean Desk Policy Checklist
The best way to make sure you’ve compiled a comprehensive clean desk policy is to create a checklist. Though not all points in our example may apply to your workplace, many will be, and you can curate your own list using this one as a guide.
- Collect documents from the printer or copier as soon as they are ready.
- Remove all visible papers and folders from your desk at the end of the day.
- File all papers and folders according to their security rating (locking applicable items in one of the office’s lockable filing cabinets or drawers), at the end of the day or whenever you will be away from your desk for an extended period of time. Once these storage facilities are locked at the end of the day, place the key in the designated location in the office.
- Keys to filing cabinets and lockable drawers must not be left on desks.
- Remove any personal effects that include information about you at the end of the day, including your phone, purse/wallet, and work ID badge. When leaving your desk for a prolonged period, keep such items on your person or store them in the office locker.
- Take removable devices (such as USB sticks and CDs) from your computer whenever you are leaving your desk, placing them in a drawer until you return. Use a lockable drawer if these devices hold sensitive data.
- Lock your computer system every time you leave your desk. For Windows use Win + L, or for Mac use Ctrl + Cmd +
- Log out of the system at the end of the day.
- Lock laptops in lockable drawers or with a locking cable when not in use and at the end of the day.
- Whiteboards must be erased immediately after meetings.
- Create folders to hold files, with suitable folder categories and passwords if your files hold confidential or sensitive information.
- Shred sensitive documentation as soon as you no longer need it, or shred such documents at least once a week.
Step-by-Step Guide to Implementing the Policy
As comprehensive as your clean desk policy example is, if management doesn’t have effective ways of implementing these guidelines, the security of the business remains at risk.
To help you motivate your employees and make it easy for them to follow the policy, consider the following:
1.Detail the Benefits
Earlier, we looked at all the benefits of a clear desk policy and were reminded that it’s important for staff to understand these too. To make sure the benefits stay fresh in their minds, send email reminders, use printed signs and hold regular security and cyber safety briefings in the office.
In addition to highlighting their own security, promoting improved workflow and productivity can help to get employees on board – especially those struggling with time management or focus. Use this as an opportunity to help these team members organise their desks, sourcing useful stationery if necessary, such as desk tidies and filing systems.
2. Request Feedback
After supplying your employees with a clean desk policy template, ask for feedback. A common comment from staff is that the policy can feel ‘over the top’. To deal with these concerns, remember to offer full training on the risks of data theft and the implications of sensitive information getting into the hands of a criminal. Crucially, you must offer the company’s full support for implementing all the requests you make of your employees on the policy. From a great-quality shredder to clearly labelled filing systems, make it easy for them to meet your expectations.
3.Install Lockable Storage Options
From areas to store mobile phones and other personal belongings, to drawers and cabinets for the files and papers that hold confidential information, make it easy for your employees to keep data safe. Make sure you have great-quality storage that is easy to lock and that offers enough keys to prevent staff from getting frustrated while looking or waiting for a key.
4. Promote Electronic Documentation
If your company has mastered safe electronic storage of data, you should work hard to move away from holding too many paper documents. It’s usually much easier for a physical document or file to be accessed or even removed from the office, so a move away from this is generally agreed to enhance security.
Email signatures help remind us that we don’t need to print out attachments, but you may have employees for whom this has become something of a habit. If they like to read through and use a highlighter on their documents, you may need to put some time into training them on how they can perform the same task on their computer.
For some staff members, printing out documents may be related to their eyesight, and it may simply be easier for them to read a paper copy. Check whether you can create a more user-friendly desk setup with an ergonomic desk chair and a monitor arm that allows them to change the position of their computer screen.
5. Keep on Top of the Policy
Perform spot checks to see if desks are free from sensitive data and keep track of the areas where staff commonly slip up. You can offer incentives for employees who always rate highly on spot checks, getting the team involved in choosing the rewards they’d like.
Top Tips for Maintaining a Clean Desk
Although with the clean desk policy you’re asking employees to follow a very specific set of procedures, keeping your desk generally tidy and hygienic will ultimately promote the organised and efficient steps that the policy requires.
Facilitate quarterly desk-tidying sessions, along with an annual office-wide deep clean. Day-to-day, ensure employees have access to antimicrobial wipes for keeping their surfaces clean, and tools for keeping stationery such as pens and Post-its neatly organised.
By getting the whole office on board with your clean desk policy, you’ll keep the business safe and the workplace tidy, and employees will find it easier to perform their duties.