[BreachExchange] The clean desk test

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 22 20:20:40 EST 2019


https://www.csoonline.com/article/3335122/physical-security/the-clean-desk-test.html#tk.rss_news

Most workspaces hold sensitive documents and information that you don't
want to get into the wrong hands. A little care and a few good habits can
go a long way toward keeping everything secure.

Here are 10 things to tidy up.

Open computer

When you leave your desk, do you lock your computer to ensure no one else
can look at what you are working on?

While it's not always practical to constantly lock and close applications
(or no one would get anything done), certain applications and documents
should be given special attention and closed, minimized or locked before
leaving a desk. A short auto-lock time for your screensaver can help.

Sticky notes with sensitive information

Your employer expects you to remember ALL of those different passwords?
What better way to organize them than to write them all down on a sticky
note, right?

Wrong. Even without spelling out exactly what those passwords are used for,
an industrious criminal or hacker could use them to gain access to private
accounts.

Don't write down passwords anywhere, especially not on display on your
computer. A password manager can get your passwords under control.

Confidential documents

Expense reports and client contracts are two types of documents that should
not be left out for all eyes to see. Private corporate and proprietary
information is the kind of data a competitor would love to get their hands
on. Documents left out overnight, when cleaning crews or other outside
contractors may be in the building, are of particular concern.

Do people really leave sensitive information lying around? Of course they
do — we found violations right in CSO's offices.

Put any sensitive paperwork in a locked file or drawer when you're not
working on it.

Forgotten printer document

How many times have you printed out a document and then neglected to
retrieve it from the machine? In this example, the employee has left a bill
for a toll-fees account out for all to see. Bank account information might
be found on this document, as well as travel itinerary information that
could be considered private.

Retrieve all documents from the printer immediately and store them in an
appropriate, secure location.

Recycle bin

The recycle bin or wastebasket is another place where employees make
security mistakes.

You'd be amazed at the stuff that gets carelessly thrown out.

Consider what you're throwing away before you pitch it. Many documents
should be shredded for privacy and security reasons.

Smartphone left on desk

What kinds of texts or other information might be available to someone who
picks up your smartphone? Have you received a text regarding an executive's
travel plans? Your own? Corporate travel — particularly trips requiring
executive protection — should not be available for just anyone to view.

Take your smartphone with you when you leave your desk. Always have it
locked with a strong passcode to prevent compromise.

Keys

Do your keys open doors to server rooms, document storage or other places
that should have good access controls in place?

Car keys clearly show what brand of car they belong to. If the lot is
fairly empty, how long until an ambitious car thief finds their way to it?

Store keys in your pocket or purse.

Bag sitting out

What's in your bag? A wallet? Sensitive corporate documents? A laptop not
docked and in use? Chances are this bag has plenty of goodies that thieves
would love to get their hands on.

If your bag contains valuables, keep it with you or lock it up.

Easy access to files and folders

It would take a motivated thief mere seconds to grab and dash away with
files left in unlocked storage spaces.

Make their job just a little harder by locking your document storage areas,
such as cabinets and drawers.

Vulnerable USB stick

USB sticks may hold many rewards for a thief. Is there private data on
there? Proprietary information that might be valuable to a competitor? All
the thief needs to do is grab it and stick it in a pocket to find out.

USB sticks, like bags, purses and sensitive documents, need to be locked up
and secured when not in use.

Access card

Leaving your access card out on your desk means unauthorized individuals
might take it and use it to access your building after hours. Or it could
be used to get into secure parts of the building that only you, and others
with privileged-access rights, are allowed to enter.

Keep your access card with you in your pocket or purse. Many people use
clips or lanyards to keep it easily accessible when moving about the
building.

Whiteboard covered with writing

Does your whiteboard include names from a client list or financial figures
that you might not want to fall into a competitor's hands? Is it easily
viewed from outside the office, open for anyone to see?

Use whiteboards appropriately and privately. Clean off information that
could be considered sensitive. Consider the position of your desk and
workspace when it comes to windows and doors. Could someone easily spy on
you?