Feature: A (Spring) Clean Desk Policy for Data Security

May 20th, 2019

Defendify’s article on rolling out a Clean Desk Policy and how it relates to protecting sensitive data was recently published on Read our tips for cybersecurity providers here, and don’t miss the full article on

When you think “data security,” you likely think about the technology you put in place to keep your customers’ electronic files and information secure from cyberattackers and data loss. But despite your best attempts at protecting their data, there are still components you can’t control for with technology.

Although paper documents likely aren’t your first thought in data security, plenty of sensitive information is stored off-screen. Think blueprints, system diagrams, printed emails, passwords, invoices, even receipts—the list can go on and on. Unauthorized exposure of this information, no matter how low-tech, is still considered a data breach. So how can you help your customers develop policies and procedures to protect all their data?

What is a Clean Desk Policy?

A Clean Desk Policy requires that employees clear their desk at the end of each day, removing all papers from view and locking confidential information. Doing so protects sensitive documents from anyone who may walk through the facility and view the information, whether intentionally (e.g. burglars or malicious employees) or unintentionally (e.g. guests or after-hours maintenance staff).

A Clean Desk Policy isn’t about being suspicious – simply realizing that it’s difficult to control for every situation. Given that exposed papers—or even sticky notes—can be viewed by anyone who walks by, it can be difficult to know who accessed what information – or what they could do with it.

Encouraging Data Security

As a cybersecurity provider, your customers look to you for guidance on best practices with regards to security. Although a Clean Desk Policy doesn’t directly deal with computers, it’s an important cybersecurity consideration – and a great opportunity to provide added value as a trusted advisor.

In addition, the topic is sure to get customers thinking: even if they decide against a Clean Desk Policy, your advice may encourage them to consider whether leaving that paper copy on their desk is worth a potential breach. The more attention given to all aspects of cybersecurity, the more it stays top-of-mind.

Clean Desk Success

While a Clean Desk Policy is recommended for most organizations, companies under industry regulation or who deal with lots of sensitive papers may be particularly interested. If your customers decide a Clean Desk Policy is right for them, be sure they have the following points covered:

  • At the end of every workday, employees must clear their desk of documents and papers.
  • Any papers containing confidential information must be locked, or if no longer necessary, shredded.
  • Employees should lock their computer and stow sensitive documents whenever they leave their desk, even just for a few minutes.

Acting as an advisor may also mean helping your customer with a plan to share, train to, implement, and enforce their Clean Desk Policy to protect their information. After all, data security applies to all data.

Read the original article on

Stay Safe,

Your Friends @ Defendify