Physical Security and the Clean Desk Policy

[Infographic: a bad desk versus a clean desk. ✓ Lock screen when away ✓ Secure documents ✓ Badge in: don't tailgate ✗ Passwords on notes ✗ Hold doors open]

Cybersecurity isn’t only digital — learn how physical security practices protect your organisation’s information.


Digital security controls protect nothing if an attacker can simply walk up to an unlocked computer or photograph a whiteboard full of sensitive information. Physical security is the foundation everything else is built on.

Why Physical Security Matters

An attacker with physical access to a device can:
  • Boot from a USB drive to bypass Windows/macOS login entirely
  • Extract the hard drive and read it in another machine
  • Install a hardware keylogger to capture every keystroke
  • Access files left visible on screen
  • Take photographs of sensitive documents, whiteboards, or screens
⛔ Important
A locked door and a clean desk prevent attacks that no antivirus or firewall can stop. Physical access often bypasses every technical security control you have in place.

The Clean Desk Policy — Checklist

[Infographic: ✗ NON-COMPLIANT DESK: screen unlocked and unattended, password on a sticky note, confidential customer papers left visible on the desk. ✓ COMPLIANT DESK: screen locked, clear surface with no documents visible, sensitive documents filed or shredded.]

The Screen Lock Rule

Every time you leave your desk — even for 2 minutes — lock your screen.
  • Windows: Win + L
  • macOS: Cmd + Ctrl + Q
  • Or set auto-lock to trigger after 2–5 minutes of inactivity
✓ Key Point
Make screen locking a reflex. The keyboard shortcut takes less than a second. Practice it until it’s automatic — you should lock your screen before you stand up, not after.
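For IT staff who want to verify the auto-lock window above is actually in force on a Windows machine, the following audit script is an added example, not part of the original article. It reads the machine inactivity limit policy and the user's secure screensaver settings from the registry and reports whether the machine will lock itself within 300 seconds; the 300-second threshold is this script's own assumption, matching the 2–5 minute guidance.

```powershell
# Added example: audit whether this Windows machine locks itself within the
# recommended idle window. Read-only; assumes Windows PowerShell 5.1 or later.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-ScreenLockCompliance {
    param([int]$MaxIdleSeconds = 300)   # assumed threshold: upper end of 2-5 min

    # 1. Machine-wide policy "Interactive logon: Machine inactivity limit".
    #    Missing or 0 means the policy is not forcing a lock.
    $machine = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                            'InactivityTimeoutSecs'

    # 2. Per-user screensaver lock. A policy-managed key overrides the user's
    #    own settings, so prefer it when it exists.
    $policyDesktop = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userDesktop   = 'HKCU:\Control Panel\Desktop'
    $src = if (Test-Path $policyDesktop) { $policyDesktop } else { $userDesktop }
    $ssActive  = [int](Get-RegValue $src 'ScreenSaveActive')     # 1 = screensaver on
    $ssSecure  = [int](Get-RegValue $src 'ScreenSaverIsSecure')  # 1 = requires logon
    $ssTimeout = [int](Get-RegValue $src 'ScreenSaveTimeOut')    # idle seconds

    $machineOk = ($machine -gt 0) -and ($machine -le $MaxIdleSeconds)
    $saverOk   = ($ssActive -eq 1) -and ($ssSecure -eq 1) -and
                 ($ssTimeout -gt 0) -and ($ssTimeout -le $MaxIdleSeconds)

    [pscustomobject]@{
        MachineInactivityLimitSecs = $machine
        ScreenSaverLocks           = (($ssActive -eq 1) -and ($ssSecure -eq 1))
        ScreenSaverTimeoutSecs     = $ssTimeout
        ThresholdSecs              = $MaxIdleSeconds
        Compliant                  = ($machineOk -or $saverOk)
    }
}

$result = Test-ScreenLockCompliance
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "No automatic lock within $($result.ThresholdSecs) seconds: an unattended session stays open."
}
```

Either control on its own satisfies the check; a fleet-wide deployment would typically set the machine inactivity limit through Group Policy so users cannot turn it off.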

What Must Never Be Left Visible

Item: Safe handling
  • Printed customer/patient data: file or shred immediately; never leave it on the desk
  • Passwords written down: never write them down; use a password manager
  • Confidential meeting notes: lock in a drawer; shred when no longer needed
  • USB drives with data: lock away or return to IT when not in use
  • Visitor passes / ID cards: collect and deactivate immediately after the visit
  • Whiteboards with sensitive info: erase before leaving the room

Tailgating and Access Control

Never hold secure doors open for people you don’t know. Politely direct unrecognised visitors to reception. This is not rude — it is a security requirement.
If you see someone in a secure area without a visible badge, report it to security or reception immediately.
⚠ Warning
Attackers dressed as delivery drivers or maintenance staff are a common physical security threat. Always verify with reception or your facilities manager before allowing anyone unescorted access to server rooms, storage areas, or other secure zones.

Printing Sensitive Documents

  • Retrieve printed documents immediately — don’t leave them in the tray
  • Use PIN-protected printing (where available) so documents are only released when you are physically at the printer
  • Shred sensitive documents using a cross-cut shredder; strip-cut shreds can be reassembled
Would an unlocked screen undo all your security?
The best firewall in the world can’t stop someone sitting down at an unattended, unlocked PC. Mobile Techs IT Service helps Gold Coast businesses close the physical gaps: automatic screen-lock and device policies enforced across every machine, full-disk encryption so a stolen laptop or drive is useless, secure wiping and disposal of old computers and hard drives, and practical office IT setups that make the secure way the easy way. Home users welcome too — on-site or remote, anywhere in Australia.