PI on clear desks

by Mark Rowe

A clear desk policy is vital in protecting against threats, says a private investigator.

Jack Charman founded National Private Investigators in March 2016. There are two main threats to look out for in the office, which may not be initially obvious, says Jack: keystroke loggers and OMG cables. Physical keystroke loggers can be attached to keyboards, while OMG cables look just like an average Apple charging cable but, when plugged into a computer, allow hackers to remotely access it and infiltrate the network. Jack says businesses need to up their game if they are to protect their secrets from bad actors.

Jack says: ‘Business owners need to clearly articulate the objectives, scope and rules of the clear desk policy. This should include details on the proper handling and storage of sensitive information and devices.’

Bosses need to determine which areas and items are covered by the policy, including workstations, shared spaces and meeting rooms, Jack adds. ‘Management buy-in and communication is vital to ensure all staff are on board with these vital security steps. Ensure senior management understands the importance of the policy and is committed to its enforcement.

‘Communicating the policy is key. Use emails, meetings, and internal portals to communicate the policy to all employees. Explain the benefits and the potential threats the policy aims to mitigate.’

Training sessions also play a key part in reducing threats to businesses, he says. ‘Educate employees about the risks of keystroke loggers, OMG cables, and other similar threats. Show how these devices work and the damage they can cause. Reinforce the policy through regular reminders and updates on emerging threats.’

Businesses should also invest in physical security measures, such as lockable storage options for employees to store sensitive documents and personal devices. And Jack says random and scheduled inspections should be undertaken to ensure compliance with the policy.

‘Tech also plays a big part. Business owners should implement software solutions to monitor and detect unauthorised devices connected to the network. It’s also imperative that all workstations have up-to-date antivirus and anti-malware software.’

There should be clear consequences for staff if they don’t follow the rules, he says: ‘Define the disciplinary actions for non-compliance. Ensure that all employees are aware of these consequences. Regularly audit compliance with the policy and review its effectiveness. Update the policy as needed based on new threats and technologies.

‘Encourage employees to clear their desks of sensitive documents and personal devices before leaving their workstations unattended and advise employees to use only company-issued cables and chargers. Explain the risks associated with using unknown or unauthorised devices.’

© 2024 Professional Security Magazine. All rights reserved.