Smile. Click. Gasp.
In one innocent snap of an AP photographer’s camera, an
operations officer for Hawaii’s Emergency Management Agency (HEMA) sinks from vigilant
public servant to pitiful poster child of the Clean Desk Policy.
The fall from grace occurred last July, during a Boston
Herald interview aimed at highlighting Hawaii’s proactive emergency-readiness
program. (Hawaii is the first state to prepare residents for the possibility of
a North Korean missile strike.)
Apparently to tout its diligent public safeguards and perhaps
humanize the agency itself, a HEMA official posed proudly for a photo inside
the agency’s ‘operations room,’ surrounded by a battery of bustling warning screens
and data-packed displays.
Unfortunately for HEMA, there was something else in the
frame: passwords–apparently to the emergency
warning system. There, plain as day, on sticky notes, taped to two computer
photo resurfaced on Twitter recently, following the island state’s terrifying
January 13, 2018 ‘false alarm’ episode, in which a message sent statewide read
“BALLISTIC MISSILE THREAT INBOUND
TO HAWAII. SEEK IMMEDIATE
SHELTER. THIS IS NOT A DRILL.”
Whether the leaked password or HEMA systems pictured last
July were related to January’s apocalyptic (false) alert has not been
But the fallout has clearly gained the attention of state,
Federal and military officials, while casting serious doubts upon HEMA’s cybersecurity practices.
Obviously, the incident serves as a wake-up call to states
and agencies working to improve emergency (and perhaps cybersecurity) preparedness.
Astute small-business leaders, however, will recognize the
slip-up as an opportunity to revisit their own online and physical security
practices–maybe even compelling enough to dust off and update their firm’s clean
desk policies (CDP)–a step that companies of every size could probably
Clean Desks, Clear Screens, Less Risk
Clean desk policies have been around for a long time, first used
as a management tool to instill in corporate employees a sense of workplace
pride and professionalism. Leaders also intended clean desk policies to create
a sense of organizational efficiency and competence during visits by customers
Today, clean desktops, clean screens, and similar
workspace security measures are being driven by increased emphasis on breach
prevention, fueled by news
reports and security standards like
ISO 27001 and ISO 27002.
The aim, of course, is to help ensure that sensitive
information, in either digital or physical form, and assets, such as laptops, tablets,
etc., are not left unprotected at personal and public workspaces when not in
use. In other words, greater security
and compliance with privacy regulations.
Common-sense elements of an effective clean desk policy
include ensuring that employees, government and otherwise:
- Shut down and secure workstations when unused or
- Stow all documents and electronic media when the
workday is over
- Close and lock all file cabinets containing
restricted or sensitive information
- Properly shred or otherwise dispose of materials
that are no longer needed
Also included is keeping work areas free from paper scraps
and sticky notes containing login credentials and other sensitive information–a
precaution now indelibly seared into HEMA’s collective consciousness?
If you’re not familiar with the latest security standards and
best practices (such as clean desks and screens), an IT Managed
Services Provider (IT MSP) like TeamLogic IT can be a tremendous resource
for strategy and advice, including helping you custom-tailor IT
policies and procedures to your company’s needs.