Security And Data Protection: Clear Desk Policy
A clean desk policy is an easy way to keep your business secure. Generally speaking, it involves removing any sensitive information from your desktop or storing it properly: USB sticks, laptops, business cards, and printed documents, among others. Sanctions for internal non-compliance can range from warnings to fines.
After returning to physical presence in offices, we remind you of some aspects of the clear desk policy that all employees must comply with.
Frame PSD created by freepik desk
1- Your laptop PC must always remain locked when you leave your job, even for a short period (coffee break or similar).
2- Don’t wait for the “screensaver” to activate automatically when you’re not at work.
Lock the screen with and similarly with and lock away sensitive documents you are working on. Take with you the PKI (Public Key Infrastructure) and the identification card of your corporate company (in the future EC). Remember not to wear your identification card visible if you are outside the EC facilities. 3- Do not throw confidential information in the trash[Windows] + [L][Ctrl] + [Alt] + [Supr]
Destroy the information in the shredders located next to the printers or, if it is large volumes, throw them in the closed cubicles enabled for sensitive information that is then destroyed securely by EC providers.
Confidential information is understood to include desk, among others:
- A notification containing personal data.
- Data related to offers and company strategy.
- Audit reports desk.
- Information is classified explicitly as confidential by clients.
4- It is forbidden to write down passwords in post its, notes, agendas or similar that allow easy access to them. Could you not share them with anyone?
5- If you are located in an office or meeting room, lock it when you leave.
6- If you use whiteboards in meeting rooms, delete the information written on them before leaving the room and don’t forget the documentation or devices (PCs or others that contain data).
7- Do not use removable personal devices (smartphone, hard drive, pen drive, etc.) to extract information from your company. If it is require to use these devices, they must be authorize and encrypt, following EC policies.
8- Be careful when you talk on the phone on the street or in EC spaces concerning the information you comment on, do not disclose confidential information of EC or its clients.
9- Avoid leaving y our PC unattended in the car. If you have to make a stop on the way home. It is usually the most common cause of theft. Even if you put it in the trunk.
10- Stay alert about phishing emails and social engineering attempts (impersonation).
Some of the most recent fraud attempts correspond to identity theft by public entities that supposedly request the sending of an invoice corresponding to a tender dossier.
Suppose you notice confidential information thrown in the trash. If your laptop is stole. You detect suspicious activity on your PC (the result of phishing, viruses or similar) or any other type of incident. Please report it to InfoSec, your Information.