Cybersecurity Focus: Clean Desk Policy

Art Miller

A clean desk and clear screen helps keep data secure.

Do you have any passwords written on post-it notes on your desk? Are file folders and documents open on your desk? The U of A has recently implemented a Clean Desk and Clear Screen Policy. Having a clean desk and clear screen helps to not only eliminate clutter, but also helps prevent the likelihood that scammers can gain access to the U of A's data, personal information or university systems.

This policy encourages the use of digital documents instead of printed copies, which cuts down on the cost of paper and printing. This can also mean sensitive information is stored safely in the cloud. IT Services recommends OneDrive for file storage. The second benefit of a Clean Desk and Clear Screen Policy is it helps the U of A comply with industry standards of protecting restricted data, such as FERPA and HIPAA, and highly sensitive data, such as Social Security Numbers and other personal identifiable information.

When employees are away from their desks for any length of time, highly sensitive data should be secured, and computing devices should be placed in a locked screen state.

• All hard copy records containing highly sensitive data must be shredded or disposed of in designated confidential waste containers when ready for disposal. Under no circumstances should this information be placed in regular wastepaper bins.
• Passwords should be secured in a location that is not visible or otherwise accessible to others.

Keys and Access Cards

Employees should never leave access cards, office keys or filing cabinet or drawer keys out and unattended. Keys and access cards should remain with them or always secured. Office doors should be locked when unoccupied and highly sensitive data is present and accessible.

Hardware

• Removable media with highly sensitive data, such as an USB, flash drive or portable hard drive should be secured when unattended. IT Services does not recommend storing highly sensitive data on removable media devices that are not designed to handle and protect such data.
• Laptops, tablets and other hardware devices containing highly sensitive information should be removed from publicly accessible spaces and secured (such as in a locked drawer or filing cabinet) when left unattended.

Printing

Any print jobs containing highly sensitive paperwork should be retrieved immediately. When using a shared printer and when possible, the "Locked Print" functionality should be used.

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Simple steps such as storing data securely in OneDrive, avoiding and reporting suspicious messages and keeping software updated can go a long way toward protecting our campus community online. Throughout the month of October, get to know the basics of cybersecurity with the IT Services' Cybersecurity Checklist  and the Cybersecurity and Infrastructure Security Agency (CISA) resources.