• United States



How to IP Theftproof Your Desk

Dec 20, 20073 mins
CSO and CISOData and Information SecurityIT Leadership

Because even the most conscientious employees are vulnerable to the occasional lapse in IP safety and could use a regular refresher.

Ever leave your desk drawers unlocked, forget to log off your laptop when you leave the office, or post your passwords where you and everyone else in the building can see them? Even the most conscientious employees are vulnerable to the occasional lapse in IP safety and could use a regular refresher. Ira Winkler, president of the Internet Security Advisors Group and former National Security Agency analyst, offers his advice for keeping prying eyes at bay.

Realize the likelihood. Yes, it can happen to you. It sounds stupid, perhaps, but very few people think that they will be victimized by IP thieves. They never think that someone will actually go through their stuff, but that can happen. It’s important to recognize and remember that intellectual property theft is a real threat.

Log your computer off. Lots of people walk away from their computers and leave sensitive information available for the taking. “I’ve found documents worth billions of dollars to a company all because someone didn’t log off their computer,” says Winkler. Log off so that someone else cannot log in to your system while you’re away.

Understand that you cannot hide. Don’t think you can hide keys or passwords in your paper clip drawer or taped under your keyboard. If you’ve thought of a place to hide sensitive information, someone else will have thought of it too. And, we hope this is obvious, but don’t ever tape passwords to your monitor. “I saw this as recently as two weeks ago,” says Winkler.

Clean your desk off. Don’t leave sensitive papers lying around. “Lawyers are the worst I’ve ever seen, and they are the ones who write the policies to safeguard IP,” says Winkler. Information should not be readily available to the passerby. “Don’t make the cleaning person the richest person in your company,” says Winkler.

Ensure that clean desk policies are distributed and followed. Make sure that all corporate managers understand that it is their responsibility to verify that clean desk policies are understood and followed.

Shred. Shredders are often available only in the legal department and executive suite, but intellectual property passes through all departments of a business. Have shredders available at desks and be sensitive to trash that is otherwise sensitive, valuable or proprietary.

Lock your desk drawers and file cabinets. Keys and backup keys are vulnerable to theft. Occasionally people will forget their keys and will need to contact someone with a backup. Oftentimes, those backup keys are left in unlocked drawers for easy access. Leaving a drawer of keys unlocked—whether they are primary or only for backup use—

is not a good idea. And neither is having one person walking around with a huge key ring. Use a combination key, or put that big key ring in a combination-lock safe. “Remember, little things can add up to major losses,” cautions Winkler.