Insider threats are more common than any business owner likes to think. The possibility of an outside attacker entering your business premises and blending in is also much more common than any business owner likes to think. In both cases, the attacker will be looking for any exposed data on computer screens, desks, printer trays and so on.
To help mitigate the risk of an insider, or an intruder posing as one, physically stealing sensitive data, every business should implement a Clear Desk and Clear Screen Policy. The policy is very simple and is usually just a list of guidelines for employees to follow during working hours. Its ultimate goal is to ensure that employees keep sensitive data out of the view of others except when a task requires it.
Basic Clear Desk/Screen procedures include:
- All computers must be locked when unattended. This policy can be enforced by configuring screens to lock after a set period of inactivity. Users should be required to re-authenticate when re-attending to their computer.
- Any Confidential or Restricted information should be enclosed and filed correctly; it should never be left open and unattended on a desk.
- Employees should not be permitted to stand behind another employee's desk unless invited by that employee.
- If an employee allows another employee to stand behind their desk, they should lock their computer screen and/or close any open windows unless those are needed for the business procedure at hand.
- All filing cabinets must be closed and locked when not in use.
- All office doors must be shut and locked when left unattended by the assigned employee.
- Whiteboards in meeting rooms and personal offices should be erased when not in use.
- Under no circumstances should credentials be written down and taped onto a device or desk.
- Printed data should be retrieved from a printer as soon as it is printed.
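The first procedure above, locking an unattended computer after a period of inactivity and requiring re-authentication, is the one item in the list that an administrator enforces through configuration rather than through behaviour. The following PowerShell is an added example, not part of the original article: it sets the Windows machine-wide inactivity limit (the "Interactive logon: Machine inactivity limit" security option) and the per-user password-protected screen saver, then audits both against the required timeout. It assumes an elevated session on a locally managed Windows machine; the ten-minute value and the Test-ClearScreenLock function name are this example's choices, and in a domain the same values would normally be pushed through Group Policy instead.

```powershell
# Added example (not from the original article): enforce and audit the
# inactivity screen lock that a Clear Screen policy requires on Windows.
# Assumes an elevated session on a locally managed machine.

$InactivitySeconds = 600   # Assumed policy value: lock after 10 minutes idle

# Machine-wide limit: the "Interactive logon: Machine inactivity limit"
# security option. Stored as a DWORD under the system policies key.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
Set-ItemProperty -Path $PolicyKey -Name 'InactivityTimeoutSecs' `
    -Value $InactivitySeconds -Type DWord

# Per-user screen saver for the current user: enable it, set the timeout,
# point it at the built-in blank screen saver so that a screen saver is
# actually selected, and require a password on resume so the user must
# re-authenticate when returning to the computer.
$DesktopKey = 'HKCU:\Control Panel\Desktop'
Set-ItemProperty -Path $DesktopKey -Name 'ScreenSaveActive'    -Value '1'
Set-ItemProperty -Path $DesktopKey -Name 'ScreenSaveTimeOut'   -Value "$InactivitySeconds"
Set-ItemProperty -Path $DesktopKey -Name 'SCRNSAVE.EXE'        -Value 'C:\Windows\System32\scrnsave.scr'
Set-ItemProperty -Path $DesktopKey -Name 'ScreenSaverIsSecure' -Value '1'

function Test-ClearScreenLock {
    # Audit helper (hypothetical name): reports whether the machine limit and
    # the user's screen saver lock are both enabled and within MaxSeconds.
    param([int]$MaxSeconds = 600)

    $machine = (Get-ItemProperty -Path $PolicyKey -Name 'InactivityTimeoutSecs' `
                    -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    $user    = Get-ItemProperty -Path $DesktopKey -ErrorAction SilentlyContinue

    $machineOk = ($null -ne $machine) -and ($machine -gt 0) -and ($machine -le $MaxSeconds)

    $userTimeout = 0
    if ($user.ScreenSaveTimeOut) { $userTimeout = [int]$user.ScreenSaveTimeOut }
    $userOk = ($user.ScreenSaveActive -eq '1') -and
              ($user.ScreenSaverIsSecure -eq '1') -and
              ($userTimeout -gt 0) -and ($userTimeout -le $MaxSeconds)

    [pscustomobject]@{
        MachineInactivityLimit = $machine
        MachineCompliant       = $machineOk
        UserScreenSaverSecure  = ($user.ScreenSaverIsSecure -eq '1')
        UserTimeoutSeconds     = $userTimeout
        UserCompliant          = $userOk
        Compliant              = ($machineOk -and $userOk)
    }
}

# Run the audit against the same limit that was just configured.
Test-ClearScreenLock -MaxSeconds $InactivitySeconds
```

The machine-wide limit locks the session regardless of what the user has chosen for their screen saver, so it is the setting to rely on; the per-user values are still worth setting and auditing because a user can otherwise raise the screen saver timeout or disable the password prompt. Running the audit function periodically (for example from a scheduled task that writes the result to a central log) turns the policy line "computers must be locked when unattended" into something that can be checked rather than assumed.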
These procedures should be continuously enforced and addressed whenever a violation is noticed. Encourage employees to be open with others whenever they notice a violation. It does not have to be a tense environment; employees should know that they are looking out for others' security when they mention violations. However, there should be some sort of incentive for employees to take clear desk and clear screen policies seriously. For example, there could be some form of punishment issued after an employee has been noted for a given number of violations of the procedures.
