A clean desk and clear screen policy covers practices that ensure sensitive information is protected.
In addition, a clear screen policy directs all employees to lock their computers when leaving their desk and log off when leaving for a long period of time. This aims to make sure that the contents of the computer screen are protected.
For example, 1 in 4 employees said that they leave their computers unattended, while 63% of confirmed data breaches involve weak, default or stolen passwords. Furthermore, 9% of small companies do not have a policy for disposing of confidential documents.
What is more, a clean desk and clear screen policy should be established because of several benefits that it can provide to organisations, such as:
- Prevent Prying Eyes: Computers that are left logged on and unattended are a potential target for prying eyes. Employees entrusted with sensitive information often leave documents in plain view when leaving their desk. This could expose sensitive information;
- Prevent Unauthorised Access: A clear screen policy also prevents unauthorised access. Unattended computers provide the opportunity for malicious data modification;
- ISO 27001/17799 Compliance: A clean desk and clear screen policy is necessary for compliance with the global standard ISO 27001/17799.
Moreover, GoldPhish offers some simple, low-tech clean desk and clear screen practices that anyone can implement:
- Use of locked areas: Lockable drawers, archive cabinets, safes, and file rooms should be available to store information media or easily transportable devices when not required, or when there is no one to take care of them;
- Protection of devices and information systems: Computers and similar devices should be positioned so that people passing by cannot look at their screens, and configured to use time-activated screen savers and password protection to limit the chance that someone takes advantage of unattended equipment;
- Restriction on use of copy and printing technology: Printers, photocopiers, scanners, and cameras should be controlled by reducing their quantity or by using code functions that allow only authorised persons to have access to them;
- Paperless culture: Documents should not be printed unnecessarily, and sticky notes should not be left on monitors or under keyboards;
- Disposal of information remaining in meeting rooms: All information on whiteboards should be erased and all pieces of paper used during a meeting should be subject to proper disposal.