Clean Desk Policy – order for more IT security!

M.Sc. Chris Wojzechowski

By the end of the day, everything has to be off the desk. The Clean Desk Policy ensures more order, but does it also bring more IT security? Some employment contracts already spell it out: the obligation to keep the desk clean. Often this covers paper, but occasionally also personal items such as a picture. "Paper is patient", as the saying goes: lying around does the paper no harm. But sensitive information is then visible to anyone who has access to the desk.

Sensitive documents and personal data should not be visible and accessible!

There are indeed many reasons for a clean desk policy. One is that the largest business risk worldwide is cyber risk. If everything is sorted, filed, and put away immediately, there is less lying around, and less time is spent searching for documents. But the constant clearing up and putting away has other advantages. Unauthorized persons, such as cleaning staff, cannot gain access to the documents. In the context of IT security, much of the Clean Desk Policy aims to ensure that information is not carelessly made available to unauthorized third parties. Criminals need only a very short time to swap out hardware. It does not have to be the frequently used mouse or keyboard. A swapped-in, manipulated iPhone cable is enough. Other persons with access rights should not be served the valuable information on a silver platter either. This does not mean Post-its with passwords.

There are controls to eliminate the chaos.

In times of flexible workplaces, tidying up the workplace is obligatory anyway. But even where there is a fixed seating arrangement, the Clean Desk Policy can be effective. And if you take the instructions as seriously as a no-stopping sign, you may be surprised by before-and-after pictures of the desk. In various auditing companies, documents and equipment left lying around are collected in the evening. Anyone who wants their equipment back has to report to the service department.

If you have to deal with the Clean Desk Policy, you should first clean out your desk thoroughly. An English-language template is provided by the SANS Institute. Information such as QR codes can also be sensitive. Documents that are no longer needed should be shredded in accordance with the GDPR. At this point it should be noted that there have been minimum requirements for paper shredders since the GDPR came into force. Fines have been generously imposed in the meantime. Then comes the filing system. Here there should be uniform rules. Does the company bicycle land under F or under L as in leasing?

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I completed my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and I possess the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.