Written by Sunny Ukeachu
In the course of my engagement with several organizations recently, I was amazed at the low information security consciousness around the work area – desks and computers. With the acceptance of open offices in many industries and the need to share computers at the workplace, inadequate handling of sensitive information could expose both the employee and the organization to the risks of unauthorized access, loss of and damage to information during and outside normal working hours. The resultant effect is an adverse impact on reputation, finance, and health and safety.
Businesses handle sensitive information – employee and customer personal information, intellectual property, business plans and strategy, and financial information – and they rely on employees to manage and protect such an asset. However, many employees practice what I tag “conveniency” – they scribble passwords on sticky notes, document login information for critical systems or services in notepads, keep files with sensitive customer information on their desks, on computer desktops or in unlocked drawers, and the like. Many employees meet with colleagues and/or clients at desks cluttered with sensitive documents without considering possible prying eyes. Some do not monitor the activities of computer support engineers who are at their desks to resolve issues. The computer or the information on the computer could be compromised within moments. A few pages could be stolen from a sensitive file kept in an unlocked drawer or cabinet. Once a breach occurs, the impact could be significant.
It is important for every employee to be aware of the security implications of being careless with papers containing sensitive information on or around the desk and of leaving computers with critical information unattended.
Here are some of the implications of inconsistently practicing clear desk and clear screen at the workplace:
People do change; unless you are a mind reader, you cannot tell who wants to sabotage you or the organization. Sometimes, it could be a curious eye that wants to see what it is not authorized to see. When you leave a computer unattended, you expose yourself and your organization to the risk of unauthorized access. If you also leave documents open in plain view while absent from your work area, you stand to be taken advantage of. Incidents such as fraud, theft, impersonation, and so on have occurred in some organizations, implicating an employee who left his computer unattended. Be warned.
When you leave both your desk and screen unattended, curious passersby could observe information they should not have access to. Computers left unattended provide the opportunity for malicious data input, modification, or deletion, often with the blame falling on the employee.
It is obvious that keeping a clean desk and clear screen at work is vital in preventing information theft and data breaches. It also reduces the chance of sensitive information being viewed or taken by someone who doesn’t have permission, whether it’s another employee or a visitor to the office. Anything inconsistent with good practice is unprofessional and non-compliant with the global standard (ISO 27001 – Information Security Management System).
Imbibing the Culture
A culture of clear desk and clear screen should be imbibed to ensure that sensitive information, in both digital and physical format, and critical information systems are not left unprotected at workspaces when they are not in use, or when someone leaves his work area, either for a short time or at the end of the day. These are some good practices worth adopting:
As an organization
As an Employee consciously
A lack of security consciousness around the workspace leads to the compromise of sensitive personal or organizational information. When proprietary data, passwords, confidential documents, financial data, trade secrets, and sensitive emails are not deliberately protected from those who are not authorized to access them, they could be disclosed, thereby impacting privacy or a competitive edge. If you do not protect documents containing critical information about your company’s new product formula, disclosure can cause competitors to beat your go-to-market, thereby adversely impacting expected revenue. Whether it is by accident, human error or malicious action, these negative results can be avoided by adopting a disciplined culture of clear desk and clear screen when going away from your work area. Act now. Exhibit duty of care toward sensitive information in your custody for your sake and that of your employer.
Sunny Ukeachu is a Technopreneur, Teacher and Security Consultant. He is a Fellow of the Nigerian Institute for Industrial Security (NiiS) as well as a visiting lecturer at the Institute and other resource centers where he imparts and mentors professionals. He is a prolific transformational leader with excellence. He is a multi-award winner and speaks at conferences. He holds dual first degrees in Computer Science and Business Computing respectively and an MBA. He also holds several certifications.
Reach him on: Sunny.firstname.lastname@example.org