Cybersecurity: Clear Desk and Clear Screen Policy

in hive-175254 •  2 years ago 

The clear desk and Clear screen policy are often handled nonchalantly by firms because they fail to understand their importance. The importance of this policy is to ensure the confidentiality, availability and integrity of both hard copy and soft copy information, hence the reason why it should be taken seriously. To further buttress my point, the ISO 27001:2013 version has a section in Annex A that lists ensuring a clear desk and clear screen as one requirement to attaining their standard certification.

kelly-sikkema-wewhSV2Y38U-unsplash.jpg

source

To further understand the usefulness of these terms, let me explain what they mean. A clear desk is a desk clear of any hard copy information. Just like the name implies, it is when a desk is cleared of all information that could be exploited by an authorised person who should have no access to such information in the first place. This hard copy information is mostly seen in departments like HR, Accounting and sometimes procurement and admin. This department is the major user of paper information despite the availability of technology to help process the information online.

For clear screen, this is just a term used for concealing information on the screens of laptops while working and when not working. Clear screen entails protecting information on your laptop's screen from authorised personnel. This policy applies to all departments in an organisation, but they all use laptops or desktops to process information or go about their daily activities at work. Also, the most effective clear screen methodology is logging off the system when not in use, and some organisations have a tool to enact this. At the same time, other organisations have to do it manually by setting an idle session time-out period or pressing Windows + L.

In other to get Clear desk right, it goes beyond the workstations. It expends to anywhere where hard copy information is stored, used or processed. For example, a clear desk must be enacted on the photocopier machine, i.e. no printed copy of information should be left on a copier machine. Another example is the meeting room where meetings hold; every piece of hardcopy information should be cleared out after each meeting as an authorised person shouldn't have access to what was discussed or shared there. So a clear desk is much broader and more tedious than a clear screen. However, both perform the same function for different sets of information, i.e. Hard copy and Soft copy information.

giorgio-trovato-8krX0HkXw8c-unsplash.jpg

source

To get a clear desk right, your workstation should always be clear and less revealing of information. Office cabinet should be used to store all copy information when not in use. Also, after every meeting, every piece of hardcopy information should be removed right after the meeting. No hard copy information should be left on the printer; if possible, the printer should be reset after each day. Your workstation should always be tidy, even when working. Any hardcopy information not needed at a particular time should be removed and kept until needed. Never right and tap information such as password on your workstation. Limit the amount of personal items on your desk. Avoid eating and drinking at your workstation. Always ensure that hardcopy information on your desk has a lid that ensures the information on them is not revealed to the world.

Attaining a clear screen is easier. As I said, the firm could enact a 5-minute idle time-out session from a central location to all systems and laptops connected to the firm's network. Aside from that, users should limit the amount of information that their screen exposes. Also, while using their laptops, they should be stationed and positioned so that no one can access what is on the screen. Also, the desktop of the laptops should always be clear. Icons on your laptop system should not be more than 10, which could be your recycle bin, my computer and other shortcut icons for applications on the system. Always ensure that documents are in the folder section of your laptop as against leaving documents on your computer's desktop. Always lock out your system with a password when stepping away from it.

By doing this, a firm will ensure the confidentiality, integrity and availability of information. I would like to hear your thoughts on this. Thanks for your comment and support in advance.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi there :) Another interesting choice of topic @lebey1

I must admit that I don't have much of that described experience. As a person who worked for most of my life for myself (hardly ever I worked for larger company) I hardly cared about clearing out my desk. Knowing that noone else will touch it.

So it never crossed my mind that things may be different for those who work in the offices etc. Interesting point.

the ISO 27001:2013 version has a section in Annex A that lists ensuring a clear desk and clear screen as one requirement to attaining their standard certification.

Are you kidding me? ;)

Cheers, Piotr

Lol, I am not. It is a key requirement that once you have a major non conformity in it, you might not be certified