Is it Time for a Clean Desk Policy?

By in , ,

When you think of security for business, what first comes to mind? Expansive (and expensive…) firewalls? Norton, AVG and other security software? Those are all fine, however, one of the most common ways data is lost or stolen is by simple social engineering. This way of garnering information has been around since before the internet (think Frank Abagnale who inspired the movie, “Catch Me If You Can,”) and it can leave your employees desks primed for data theft.

Expert social engineers, (better known as con artists,) keep a sharp eye for post-it notes with passwords stuck on computer monitors, whiteboards with sales data and actively watch employees key-in passwords into doors, entry ways and sensitive areas. With median losses of $154,000, a security breach can completely wipe out a small business and banks are reticent to help recoup those losses; some banks likening a security breach to “leaving your purse open in a grocery store.” If your computer lacks the proper security, a bank could refuse to pay up.  While high-tech security is great, mindfulness of what’s on your desk can do a world of good for ensuring security within your office walls.

A Clean Desk is a Secure Desk:

Post-it Passwords – NEVER keep post-it notes of passwords on your computer monitor. It’s one of the primary ways social engineers garner information. Use a tool like LastPass which keeps all your passwords in order for you.

Wipe the Whiteboard – Clean the whiteboard after each meeting. Even seemingly innocuous things like a salesperson’s name can be used by a hacker who could pose as that salesperson to access sensitive information.

Pile or File – If you are a consummate piler, be certain to have file boxes on your desk that conceal the information from prying eyes. Put papers away at the end of the day in a LOCKED filing cabinet.

Shred It – Either shred old files or have a facility securely store papers for you. A paper trail can be a double-edged sword – great when you need it, a nightmare if a hacker accesses your sensitive files. Look for Shred Events (or hold one of your own) to take care of excess papers.