A “clean desk policy” helps to manage the safe handling of data in the workplace
- Computers must be locked when leaving the desk.
- Paper files must be stored in lockable cabinets; digital personnel files must be protected by secure passwords.
- In case of paper files, you should work with a document shredder or a disposal service.
- Data deletion must be documented.
- Documents should not be left lying around in plain sight. Preferably, they should also not be taken home with you or on trips. It is too easy to leave an important file on the train…
Places into the office where an intruder could obtain personal data:
Trash can: for attackers, one of the most important sources of information could be found in recycling bins- in some cases they even pay cleaners to get their hands on the paper waste.
Letters and invoices: those lying around may contain information about customers and suppliers as well as other valuable data. Please ensure these are locked in cabinets or locked pedestals.
Whiteboard or flipchart: they are often used in meetings and should be cleaned or stored when they are finished.
Documents: if deliberately left anywhere like on the desk without being filed in a folder, they can contain important data that an intruder could steal.
Business cards and addresses: a criminal could use his business contacts to assume another identity.
Calendar: practically all offices have one. If it is accessible to anyone, it will contain information such as customer names, appointments and similar data.
Post-it (notes): we often write down in the eye-catching colorful post-it some password for everyone to see…. we also usually write down specific data that even if it doesn’t seem confidential, any intruder could combine it with other data.
Keys: keys to offices and filing cabinets should not be kept in close proximity and should only be handed over to authorized persons.
Printers: it’s very easy to forget about paper in the printers. Sometimes there is also a drawer that can be accessed by the entire office.
Folders: confidential data must not be freely accessible.
File cabinets: these contain confidential data and must be closed when you leave the office.
Backups: should not be easily accessible and should not be stored near the original documents.
USB flash drive they are very useful, also for the attackers. They often contain confidential data that is not normally encrypted. They can also transfer malware or viruses to computers.
Doing things right is in the hands of your employees, that’s why it’s important to get training to comply with the RGPD and avoid carelessness, all these tips and more can be found in our online course “Data protection for employees“.