Decluttering desks and the importance of offline security

May 29, 2018


By Lloyd Williams, founder of information management company Shredall SDS Group.

As GDPR becomes a reality affecting large and small firms alike, offline security considerations are often forgotten as valuable, protective, and necessary measures. Whilst cyber security tactics are efficient, relying solely on online protection leaves your firm vulnerable to offline security breaches. Employees contribute to the risk by doing things such as leaving computer screens on, leaving file cabinets open, misplacing documents with sensitive data, leaving out USBs, failing to erase conference room whiteboards, and having a cluttered and messy desk.

Forgetting to tidy your workspace isn’t just a bad habit; it is dangerous to the security of your own and your firm's personal and private information, and fails to comply with the strict data security regulations of GDPR. Therefore, businesses need to consider a range of offline measures, which can most easily be implemented through a company-wide enforced clean desk policy.

What is a clean desk policy?

At its simplest level, a clean desk policy requires all staff to remove papers, files, and any written information from their public and private workspaces, to be shredded and destroyed, or securely stored away. Once implemented, sanctions for non-compliance can also be enforced, ranging in severity from warnings to monetary fines. This initiative limits the chance of external parties, or any non-internal personnel visiting during or outside of working hours, accessing private company or client data.

Why should my company implement a clean desk policy?

In addition to existing as an offline security initiative compliant with GDPR, a clean desk policy also increases a firm’s ability to obtain additional accreditations like ISO 27001 (an international standard of best practice for information security management systems). These security accreditations require a minimum condition of company-wide compliance with security policies, best represented through a clean desk policy.

From a business perspective, a clean desk policy makes a workplace more professional and breeds higher productivity. By providing an incentive for staff to keep their desks clean at all times, it in turn prevents excessive printing and cluttering, and doubles as an eco-friendly initiative to save paper. The policy leads to fewer physical documents, less waste, and organically creates a more secure way of disposing of and recycling unneeded documents. This combination leaves clients, visitors, and even staff with a better impression of the business.

How do I enforce a clean desk policy?

As a company-wide policy can be difficult to enforce from a management perspective, achieving it through a few steps over time is best practice. The first step is to get approval from all senior management, as top-down implementation is the best approach to get full support. Once managerial consent is confirmed, an official policy should be put into writing and circulated to all staff, including the rationale and additional information, a training schedule (if required), and an implementation deadline with subsequent consequences if not achieved. It is important to then provide staff with dedicated storage spaces, or further guidance on how to destroy and dispose of documents.

For optimal security, businesses may choose to invest in a third-party firm that provides data storage and shredding services; the additional advantage to this is that less paperwork in the office equals more space! Finally, it’s important to appoint supervisors to enforce the policy within their teams as well as to impose the firmly-determined sanctions, should there be an issue with compliance. Equally, you should convey the benefits of the policy to all staff, and include in periodic communications how much of a positive impact the policy has created (i.e. fewer sheets of paper used).

Successful implementation of a clean desk policy is an offline security measure compliant with GDPR and has many benefits from both security and business perspectives, but it must be a team effort to be a completely preventative measure. Clear communication, strategic planning, and follow-ups are needed to make it a successful policy company-wide. Nevertheless, if your firm can adopt a clean desk policy, imagine what other online and offline security processes it is capable of implementing as online and offline security becomes increasingly important.
