Educating Employees on Cyber Security: Beware the Messy Desk!

Employee going through paper piles at his messy desk

It seems so simple, but keeping a clean desk is often overlooked when talking about data security. It’s also the perfect place to start the discussion with employees.

Employees that keep a cluttered desk tend to leave USB drives and smartphones out in the open. They also often forget to physically secure their desktops and laptops so someone can’t simply walk off with them.

A messy desk also makes it more difficult to realize something is missing such as a folder with hard copy print-outs of customer lists. In addition to increasing the likelihood of something being removed, a cluttered desk means that the discovery of any theft will likely be delayed—perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might now be located.

11 Common Messy Desk Mistakes to Avoid

The following list presents 11 “messy desk” mistakes employees are prone to commit and which could cause irreparable harm to the business, the employee, fellow employees, customers and business partners. These are all bad habits for which to educate employees to stop:

  1. Leaving computer screens on without password protection: Anyone passing by has easy access to all the information on the device. Be sure to lock down screen settings.
  2. Placing documents on the desk that could contain sensitive information. It’s best to keep them locked up in drawers and file cabinets.
  3. Forgetting to shred documents before they go into the trash or recycling bin: Any document may contain sensitive information; it’s best to shred everything rather than taking a risk.
  4. Failing to close file cabinets: This makes it easy for someone to steal sensitive information and more difficult to realize a theft has occurred.
  5. Setting mobile phones and USB drives out in the open: They likely contain sensitive business or personal information and are easy to pick up quickly without being caught in the act.
  6. Neglecting to erase notes on whiteboards: They often display confidential information on products, new ideas and proprietary business processes.
  7. Dropping backpacks out in the open: There’s often at least one device or folder with sensitive information inside.
  8. Writing user names and passwords on slips of paper or post-its: This is especially important given that user names and passwords are typically used to log in to more than one site.
  9. Leaving behind a key to a locked drawer: This makes it easy to come back later—perhaps after hours when no one is around—and access confidential files.
  10. Displaying calendars in the open or on the screen for all to see: Calendars often contain sensitive dates and/or information about customers, prospects and/or new products.
  11. Leaving wallet, credit cards or security card out on the desk: This is more likely to impact the employee, but wallets may also possess corporate credit cards and security badges.

Of course you’re thinking – I trust my employees. Why would I need to be concerned about security of their desk area?

Trust isn’t always the issue. You have to be careful about accidental or inadvertent security vulnerabilities. For example, you sure wouldn’t want a document left on screen or on a desk pertaining to an employee review, compensation info, or termination. You wouldn’t want someone seeing a jump drive on a desk, thinking that’s the one with their project on it, and it has sensitive company information not intended for their eyes.

Sometimes it is about trust. Not all employees are as loyal as they seem. Some my be overly competitive and want to get info they shouldn’t have to advance in the company. Some may be planning to leave and take your customer lists with them.

The point is, if everyone keeps their own desk area clean and secure, you won’t have to worry about accidental, inadvertent, or malicious security breaches within your own company.

Next blog: Email threats!

For more information on keeping your small business secure call 678-389-6200 or contact us online.