What's wrong with this picture? The NEW clean desk test
By Joan Goodchild | CSO
1. Open computer
When you leave your desk, do you lock your computer to ensure no one else can look at what you are working on?
In this example, an employee has left their computer open to an email screen with details about travel expenses and other corporate financial information.
Takeaway: While it's not always practical to constantly lock and close applications (or no one would get anything done), certain applications and documents should be given special attention and closed, minimized or locked before leaving a desk. A short auto-lock time for your screensaver can help.
2. Sticky notes with sensitive information
Your employer expects you to remember ALL of those different passwords? What better way to organize them than to write them all down on a sticky note, right?
Wrong. Even without spelling out exactly what those passwords are used for, an industrious criminal or hacker could use them to gain access to private accounts.
Takeaway: Don't write down passwords anywhere, especially not on display on your computer. Use a simple memory system to keep passwords straight.
3. Confidential documents
Expense reports and client contracts are two types of documents that should not be left out for all eyes to see. Private corporate and proprietary information is the kind of data a competitor would love to get their hands on. Documents left out overnight, when cleaning crews or other outside contractors may be in the building, are of particular concern.
(Do people really leave sensitive information lying around? Of course they do - we found violations right in CSO's offices. See our early-morning, snooping-around video version of the clean desk test.)
Takeaway: Put any sensitive paperwork in a locked file or drawer when you're not working on it.
4. Forgotten printer document
How many times have you printed out a document and then neglected to retrieve it from the machine? In this example, the employee has left a bill for a toll-fees account out for all to see. Bank account information might be found on this document, as well as travel itinerary information that could be considered private.
Takeaway: Retrieve all documents from the printer immediately and store them in an appropriate, secure location.
5. Recycle bin
The recycle bin or wastebasket is another place where employees make security mistakes. In this picture, an employee evaluation form is left out for anyone - from cleaning services, to another employee - to find. This is a violation of the employee's privacy, and likely of many corporate privacy policies as well.
You'd be amazed at the stuff that gets carelessly thrown out.
Takeaway: Consider what you're throwing away before you pitch it. Many documents should be shredded for privacy and security reasons.
6. Smartphone left on desk
This smartphone is out for anyone to glance at, and has received a text regarding an executive's travel plans. Corporate travel - particularly trips requiring executive protection - should not be available for just anyone to view. That's just one example. What kinds of texts or other information might be available to someone who picks up your smartphone?
Takeaway: Take your smartphone with you when you leave your desk. Always have it locked with a strong passcode to prevent compromise.
7. Keys
These keys could open doors to server rooms, document storage, or other places that should have good access controls in place.
It's also clear what brand of car they belong to in the parking lot. If the lot is fairly empty, how long until an ambitious car thief finds their way to it?
Takeaway: Store keys in your pocket or purse.
8. Bag sitting out
What's potentially inside this bag? A wallet? Sensitive corporate documents? A laptop not docked and in use? Chances are this bag has plenty of goodies that thieves would love to get their hands on.
Takeaway: If your bag contains valuables, keep it with you or lock it up.
9. Easy access to files and folders
Our example employee has a place to store files, folders and documents, but it's left unlocked and is easily opened. It would take a motivated thief mere seconds to grab and dash away with any one of the many files in this storage space.
Takeaway: Lock your document storage areas, such as cabinets and drawers.
10. Vulnerable USB stick
Much like the unattended bag we saw earlier, this USB stick promises the potential for many rewards for a thief. Is there private data on there? Proprietary information that might be valuable to a competitor? All the thief needs to do is grab it and stick it in a pocket to find out.
Takeaway: USB sticks, like bags, purses and sensitive documents, need to be locked up and secured when not in use.
11. Access card
Leaving your access card out on your desk means unauthorized individuals might take it and use it to access your building after hours. Or it could be used to get into secure parts of the building that only you, and others with privileged-access rights, are allowed to enter.
Takeaway: Keep your access card with you in your pocket or purse. Many people use clips or lanyards to keep it easily accessible when moving about the building. (Also see: 7 ways to enter a secure building.)
12. Whiteboard covered with writing
This white board includes names from a client list, and other financial figures that the employee's company might not want to fall into a competitor's hands. Easily viewed from outside the office through a window, the information written on this white board is open for anyone to see, even those with bad intentions.
Takeaway: Use white boards appropriately and privately. Clean off information that could be considered sensitive (or get one of those nifty whiteboards with security features). Consider the position of your desk and workspace when it comes to windows and doors. Could someone easily spy on you?
How did you do?
- Did you pass the clean desk test? How many violations could you spot - and how many do you have in your own work area?
- Our interactive clean desk tool (complete with old-timey CRT monitor!) can give you more ideas on how to tidy and secure your workspace.