Chapter 1: Physical Security Precautions
Keep a Clean Desk
It makes sense and sounds so simple, but keeping a clean desk is often overlooked when talking about cyber security. It’s also the perfect place to start the security discussion with employees.
Employees that keep a cluttered desk tend to leave USB drives and smartphones out in the open. They also often forget to physically secure their desktops and laptops, allowing someone to simply walk off with them.
A messy desk also makes it more difficult to realize something is missing, such as a folder with hard copy printouts of customer lists. In addition to increasing the likelihood of something being removed, a cluttered desk means that the discovery of a theft would be delayed—perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might be located.
Encouraging employees to maintain a neat desk pays off in two ways. First, digital and paper assets will be more secure, and second, employees with clean desks are more apt to be productive, because they can quickly and safely access the tools and resources they need to do their jobs.
The Common Messy Desk Mistakes to Avoid
The following list presents 11 “messy desk” mistakes employees are prone to commit and which could cause irreparable harm to the business, the employee, fellow employees, customers and business partners. These are all bad habits for which to educate employees to stop:
- Leaving computer screens on without password protection: Anyone passing by has easy access to all the information on the device; be sure to lock down screen settings.
- Placing documents on the desk that could contain sensitive information: It’s best to keep them locked up in drawers and file cabinets.
- Forgetting to shred documents before they go into the trash or recycling bin: Any document may contain sensitive information; it’s best to shred everything rather than taking a risk.
- Failing to close file cabinets: This makes it easy for someone to steal sensitive information and more difficult to realize a theft has occurred.
- Leaving mobile phones and USB drives out in the open: They likely contain sensitive business or personal information and are easy to pick up quickly without being caught in the act.
- Neglecting to erase notes on whiteboards: They often display confidential information on products, new ideas and proprietary business processes.
- Dropping backpacks out in the open: There’s often at least one device or folder with sensitive information inside.
- Writing user names and passwords on slips of paper or post-its: This is especially important given that user names and passwords are typically used to log in to more than one site.
- Leaving behind a key to a locked drawer: This makes it easy to come back later—perhaps after hours when no one is around—and access confidential files.
- Displaying calendars in the open or on the screen for all to see: Calendars often contain sensitive dates and/or information about customers, prospects and/or new products.
- Leaving wallets and credit cards out on the desk: This is more likely to impact the employee, but wallets may also possess corporate credit cards and security badges.
In today’s fast-paced world where employees are always on the go, it takes too much time to determine whether documents, USB drives, devices and other items contain sensitive information. The safe bet is to make sure everything is filed away and kept locked up or else properly destroyed.