Clean Desk Walkthrough
Implementing a clean desk policy at your financial institution is an important part of an information security program. It establishes your institution’s expectations on how sensitive customer information, credentials, removable media and security tokens should be securely stored to prevent a security incident or breach. Clean desk walkthroughs are a proactive approach to monitor for compliance and ensure that stakeholders are following proper data-handling protocols and keeping your customers’ information confidential and secure.
We recommend that you identify someone on your security team or designate trusted personnel to periodically inspect office spaces and branches, at least quarterly, before employees have started or after employees have ended their workday. Develop a checklist for what to check for consistency and record the results of the walkthrough. Include the following on your checklist:
- Ensure that computer screens are locked.
- Check drawers and filing cabinets to make sure they are locked and that sensitive information cannot be found if it can be opened.
- Make sure passwords, security tokens, removable media and customer information are not left where unauthorized people can access them.
- Check printers, recycle bins and garbage cans for discarded sensitive information.
- Check conference rooms and other gathering areas to make sure that sensitive information has not been left out.
A clean desk walkthrough is more than just an inspection; it is a reminder of the institution’s commitment to privacy, security, and regulatory compliance. It also reinforces a culture of security awareness among employees, making them active participants in safeguarding sensitive information.
Neovera SV (formerly 10-D Security) is an independent firm specializing in IT security and compliance for financial institutions. We help clients mitigate risk and comply with GLBA requirements, offering tailored services and expertise to strengthen cybersecurity programs.