A common piece of advice in many career self-improvement books in the 1980s is the concept of a clean desk. The authors say that an orderly desk projects confidence and organisation. In reality, some of the most productive technical and managerial staffers I've worked with have offices that are danger zones. I, too, fall into the cluttered desk category. Though I can usually navigate the mountains of paper on my desk with a precision that would make Ferdinand Magellan proud, I'm wondering if this is a good thing.
There are real business reasons to keeping your desk tidy. The most obvious one is security. Application development managers' desks frequently house confidential papers, company secrets, strategic and tactical plans, project statuses, new innovations, privileged information, and personal records. When you also consider your user code, access badge, parking pass, wallet, and phone messages, you have a real potential for inappropriate disclosure.
In certain specialty IT careers, such as banking or healthcare, new legislation has been enacted with tough penalties for such disclosure. Even technical elements that may appear innocuous can in fact be a real issue. For instance, an IP address map is a common item on Web developers' desks or pinned on their wall. This might be a major prize to a malicious hacker. And what about bank account numbers or general ledger numbers on a report that an employee forgets on a shelf? Think about customer or prospect lists, which might be quite interesting to your competitors.
Put simply, documents that are out in the open are a substantial risk. The more sensitive the information is within a document, your team should take more care to protect it. Your team member (or you) should protect the document from prying eyes by removing it from the desk and placing it in a secure location. You should ensure that employees destroy old documents, CD-ROMs, and diskettes that are no longer in use.
A clean desk policy is actually an element of an organisation's overall security plan. The policy's goal is to limit the access to private information. One way to demonstrate the risk of a cluttered desk is by working with your organisation's security personnel to see what confidential information someone could gather from several offices in one evening. Chances are, you'll find a wealth of evidence that you can take to the senior management team for their review and action. (To be effective, a clean desk policy will require the support of senior management.)
Then, follow this sample audit with a formal policy and training program for your organisations' associates. Be sure to conduct this audit periodically to ensure compliance.
Scott Withrow has more than 20 years of IT experience, including IT management, Web development management, and internal consulting application analysis.
