The purpose for this initiative is to establish a culture of security and trust for employees at Bentley. An effective clean desk effort involving the participation and support of Bentley employees can greatly protect paper documents that contain sensitive information about our students, employees, donors, alumni, parents and friends. All employees that handle confidential data should familiarize themselves with the guidelines of this initiative.
The main reason for a clean desk initiative is as follows:
- It reduces the threat of a security incident by locking confidential information when unattended; sensitive documents left in the open can be stolen by a malicious entity.
At known extended periods away from your desk, such as a lunch breaks or meetings, sensitive working papers containing Level 1 or 2 data should be placed in locked drawers or a locked office. At the end of the working day, an employee should tidy his or her desk and to put away all office papers that contain Level 1 or 2 data or lock his or her office. Bentley provides locking desks and filing cabinets for this purpose.
- Allocate time in your calendar to clear away your Level 1 and 2 paperwork.
- Always clear your workspace of Level 1 and 2 paperwork before leaving for longer periods of time.
- If in doubt - check with your supervisor. If you are unsure of whether a duplicate piece of Level 1 or 2 documentation should be kept - discuss it with your supervisor before shredding.
- Destroy Level 1 or 2 documents when they are no longer needed through cross-cut shredders or locked Retrievex boxes.
- Lock your desk and filing cabinets at the end of the day. Don’t keep the keys in the drawer.
- If you have portable computing devices such as laptops or smart phones, lock your door at the end of the day.
- If you are storing any Level 2 data on CDs, secure them in a locked drawer. Don’t keep them in your PC when unattended.
Tips to Keeping a Clean Desk
- If you store sensitive information (usernames, passwords, etc.) in day planners or notebooks, keep them in a locked drawer when you are away from desk for extended periods of time, including overnight.
- Lock your office door when you're gone for extended periods; if you don’t have an office, lock your cabinets. Do not leave keys in their locks.
- Never leave your access cards or keys out anywhere; always keep them with you; notify University Police immediately if access cards or keys are missing.
- Lock your computer when you leave your desk for an extended period of time, including overnight.
- Do not leave portable media with sensitive information, such as CDs or USBs, in drives or attached to your computer.
- Enable a password-protected screen saver.
- Never write your passwords on a sticky note nor try to hide them anywhere in your office.
- Remove printouts from printers before leaving your office.
- Shred sensitive printouts when you are done with them using a cross-cut shredder or Retrievex bin.
- Clear cache files on your computer regularly.
- Do not use bookshelves to store binders with sensitive information. Label those binders accurately and lock them up.