13 Best Practices for Office Security

13 Best Practices for Office Security

  1. Employees should be required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day and when they are expected to be gone for an extended period.
  2. Computer workstations must be locked when workspace is unoccupied. Use of shortcut “windows L” is acceptable.
  3. Computer workstations must be put in “lock” mode at the end of the work day. Use of shortcut “windows L” is acceptable or logoff.
  4. Any Restricted or Sensitive information must be removed from the desk and locked in a drawer or other locked storage when the desk is unoccupied and at the end of the work day.
  5. File cabinets containing Restricted or Sensitive information must be kept closed and locked when not in use or when not attended.
  6. Keys used for access to Restricted or Sensitive information must not be left at an unattended desk.
  7. Laptops, tablets and any other portable computing devices must be locked when left in the office after business hours.
  8. Passwords may not be left on sticky notes posted on or under a computer, nor may they be left written down in any location.
  9. Printouts containing Restricted or Sensitive information should be immediately removed from the printer.
  10. Upon disposal, Restricted and/or Sensitive documents should be shredded and disposed of in official shredder bins.
  11. Whiteboards containing Restricted and/or Sensitive information should be erased.
  12. Treat mass storage devices such as CDROM, DVD or USB drives as sensitive and secure them in a locked drawer or other locked storage. Remember to use Windows BitLocker to encrypt them.
  13. All printers and fax machines should be cleared of papers as soon as they are printed; this helps ensure that sensitive documents are not left in printer trays for the wrong person to pick up.