Clean Desk Policy to Beat Business Spies

You’ve studied up on malware and hackers. Maybe you’ve beefed up the IT department and designed a fierce cybersecurity program with firewalls and multiple backups. Perhaps you’ve even educated your team, warning them about opening unfamiliar attachments.

But what if the biggest threat to corporate information security is a simple paper document, sitting on your CEO’s desk, covered in crumbs from a ham and cheese sandwich?

Believe it or not, experts today say old-school, offline spying costs businesses way more than online spying.

Old-school espionage costs $1.1 trillion a year

A 2017 report from the world’s largest security firm, G4S, estimates that offline espionage costs businesses a staggering $1.1 trillion annually. That’s far more than the $4 billion companies lose to online hackers.

The report’s author, Bruce Wimmer, is the leader of counter business espionage at G4S and author of Business Espionage: Risks, Threats, and Countermeasures. He recalled one case in which a spy posing as a new intern managed to swipe piles of sensitive documents off messy desks, along with two unsecured laptops.

Today’s spies are sophisticated

The case described above was a professional espionage job. The spy found an intern and sent him a letter saying his orientation was delayed. He then arrived on time, bearing a fake passport with the intern’s name. He lured two managers away to bogus meetings, leaving their computers unattended.

Especially relevant, the spy made off with detailed strategic plans, financial information and both computers. It was a significant, damaging security breach that had nothing to do with the internet.

The Solution: A Clean Desk Policy

One of the best things you can do to prevent offline corporate espionage is to put a clean desk policy in place. In general terms, a clean desk policy requires staff to keep their desks clear. It also requires staff to lock up or shred all documents before they head out for a coffee break.

Here are four simple steps to implementing a clean desk policy in your organization:


Provide staff with the tools they need to lock things up

First of all, if you want your team to secure sensitive documents, you need to provide filing and storage cabinets that lock. Furthermore, be sure to provide digital tools like time-activated screensavers and password protection to keep prying eyes from sensitive on-screen material.


Control access to printers and photocopiers

Encourage a paperless office by storing records off-site and having those you need delivered on request. Furthermore, restrict the use of printers and photocopiers by giving unique code or key cards to authorized users. Make sure employees pick up printouts quickly, because by reducing the number of copies and printouts, you’ll immediately lower the risk of data leaks.


Establish secure shredding stations and make sure your team members use them

Partner with a trusted, professional shredding company to set up secure shred bins where staff can confidently deposit sensitive materials for destruction. Unlike the messy personal shredders you might have under your desk, the professionals can handle high volumes of paper shredding. They will also ensure that your documents are kept safe until they are properly destroyed.


Start with a clean slate

The first step is to help your team store or destroy the piles of old, sensitive documents on their desks. Use secure box storage to wipe the slate clean, and set aside some time for a corporate shred day.

Making sure your team is on board

One of the greatest challenges to implementing a clean desk policy is regular, effective enforcement. Help your team succeed by explaining the policy clearly and providing scheduled time for filing and shredding. (You may also want to educate employees on what documents not to shred.) In conclusion, establishing a clean desk policy is one of the simplest and most powerful steps you can take to improve your corporate security.