Clean Desk and Clear Screen Guideline

Purpose

This guideline provides practical advice for maintaining a secure work environment by protecting sensitive information from unauthorized viewing or access. It covers physical security (clean desk) and digital security (clear screen) practices.

Scope

This guideline applies to all Swedwise staff working in:

• Swedwise offices (Karlstad, Stockholm, Uddevalla)
• Customer sites
• Home offices
• Co-working spaces
• Public places (airports, cafes, trains)
• Hotels and temporary workspaces

Clean Desk Principles

What is Clean Desk?

Clean desk means:

• Sensitive information is not left visible when unattended
• Documents are stored securely when not in use
• Minimal information is displayed on notice boards or whiteboards
• Work areas are clear at end of day

Why it matters:

• Prevents unauthorized access to information
• Protects customer confidentiality
• Reduces risk of data loss or theft
• Demonstrates professionalism to visitors and customers

Clean Desk Requirements by Classification

Classification	Requirements
Public	No restrictions - may be left visible
Internal	Preferred to store securely, but not critical
Confidential	Must not be left visible when unattended - lock away or take with you
Restricted	Must be locked in secure storage immediately after use

End-of-Day Clean Desk Checklist

Before Leaving the Office:

• Lock away all confidential documents (filing cabinet, drawer, locker)
• Shred any documents marked for disposal
• Clear whiteboards of sensitive information
• Lock computer screen (Windows+L or Ctrl+Cmd+Q)
• Store USB drives, external hard drives, and removable media securely
• Put away customer materials or project documents
• Lock office door if last person leaving
• Take laptop with you or lock in secure storage

Example Clean Desk:

• Clear desk surface (no papers visible)
• Monitor off or locked
• Drawer/filing cabinet locked
• No sticky notes with passwords or sensitive info

Example Unacceptable:

• Customer contract left on desk overnight
• Sticky note with password on monitor
• Whiteboard showing customer architecture diagram
• Unlocked laptop left on desk

Clear Screen Principles

What is Clear Screen?

Clear screen means:

• Lock screen when leaving your workstation
• Screen is not visible to unauthorized persons
• Automatic screen lock after short inactivity period
• Prevent "shoulder surfing" in public places

Why it matters:

• Prevents unauthorized access to systems and data
• Protects customer data from viewing
• Reduces risk of accidental data disclosure
• Demonstrates security awareness

Screen Lock Requirements

When to Lock Screen:

• Stepping away from desk (even for 1 minute)
• Going to meeting, coffee break, lunch
• Bathroom breaks
• Answering door or greeting visitor
• Working in public places when distracted
• End of day (always)

Keyboard Shortcuts:

• Windows: Windows key + L
• macOS: Control + Command + Q
• Linux: Super + L (or Ctrl + Alt + L)

Tip: Make it a habit - lock before you stand up.

Automatic Screen Lock Settings

Recommended Settings:

• Office: 5 minutes inactivity → lock screen
• Customer site: 3 minutes inactivity → lock screen
• Public place: 1 minute inactivity → lock screen
• Laptop (mobile): 3 minutes inactivity → lock screen

How to Configure:

Windows 10/11:

1. Settings → Accounts → Sign-in options
2. Under "Dynamic lock," set timeout period
3. Also: Settings → Personalization → Lock screen → Screen timeout settings

macOS:

1. System Preferences → Security & Privacy → General
2. Check "Require password immediately after sleep or screen saver begins"
3. System Preferences → Energy Saver → Set display sleep to 5 minutes

Hot Corners (optional but recommended):

• macOS: Set hot corner to lock screen (drag cursor to corner)
• Windows: Configure screen saver hot corner

Working in Different Environments

Swedwise Offices (Karlstad, Stockholm, Uddevalla)

Clean Desk:

• Lock sensitive documents in desk drawer or filing cabinet at end of day
• Clear whiteboards after meetings (take photos if needed, mark confidential)
• Use designated confidential waste bins (shredding)
• Don't leave customer materials in meeting rooms

Clear Screen:

• Lock screen when leaving desk
• Position monitor away from windows and common areas where possible
• Use privacy screen filters for open office areas
• Auto-lock: 5 minutes

Shared Spaces:

• Meeting rooms: Clear whiteboards, remove documents
• Kitchen/break room: Don't discuss confidential matters
• Reception area: No customer documents visible to visitors

Customer Sites

Clean Desk:

• Follow customer's clean desk policy (often stricter than Swedwise)
• Lock documents in provided storage or take with you
• Never leave customer data visible on customer's desks
• Use guest lockers if provided

Clear Screen:

• Always lock screen when leaving workstation
• Use privacy screen filter (mandatory in open customer environments)
• Assume customer network is monitored (it usually is)
• Auto-lock: 3 minutes (shorter than office)

Visitor Badge and Access:

• Display visitor badge as required
• Follow customer escort requirements
• Don't access unauthorized areas
• Return badge when leaving

Tips:

• Observe how customer employees handle sensitive information
• Ask customer security contact if unsure about their policies
• Be more cautious than at Swedwise offices (you're a guest)

Home Offices

Clean Desk:

• Designate a secure work area
• Store confidential documents in locked drawer/cabinet
• Keep work area separate from personal/family areas
• Shred confidential printouts at home (cross-cut shredder)

Clear Screen:

• Lock screen when family members or visitors are nearby
• Position monitor away from windows (prevent viewing from outside)
• Use privacy screen filter if working in shared home space
• Lock door if handling restricted information

Family and Visitors:

• Don't let family members use work computer
• Lock screen before answering door
• Don't discuss customer projects where others can hear
• Explain to family why you lock screen (security, not secrecy)

Printing:

• Avoid printing confidential documents at home if possible
• If necessary, use secure printer and shred after use
• Never print restricted documents at home

Public Places (Cafes, Airports, Trains)

Clean Desk:

• Minimize use of paper documents in public
• Keep documents in bag when not actively reading
• Don't leave laptop or documents unattended (even for bathroom break)
• Take everything with you when leaving

Clear Screen:

• Always use privacy screen filter (mandatory in public places)
• Lock screen if distracted (phone call, ordering coffee)
• Position back against wall when possible
• Be aware of people behind you (shoulder surfing)
• Auto-lock: 1 minute

Confidential Work:

• Avoid confidential work in public places if possible
• Use VPN for all network access
• Don't join video calls with confidential content
• Don't discuss confidential matters on phone calls

Tips:

• Coffee shop WiFi? Use VPN and privacy screen
• Airplane? Use privacy screen, avoid confidential work
• Train? Lock screen frequently, use privacy screen
• Airport lounge? Better than public cafe, but still use privacy screen

Co-working Spaces

Clean Desk:

• Lock documents in provided locker (if available)
• Take documents with you if no secure storage
• Clear shared desk at end of day
• Don't use shared printers for confidential documents

Clear Screen:

• Use privacy screen filter
• Lock screen when leaving desk
• Position desk away from common areas if possible
• Auto-lock: 3 minutes

Shared Resources:

• Be cautious with shared meeting rooms (others may overhear)
• Use headphones for confidential calls
• Don't leave documents in meeting rooms

Handling Specific Items

Documents and Printouts

While Working:

• Keep face-down when not actively reading
• Don't let stack of papers accumulate on desk
• Return to secure storage when done

When Moving:

• Use folder or envelope (not loose papers)
• Don't leave in meeting room, on printer, or in common areas
• Hand-carry confidential documents (don't send via internal mail)

Disposal:

• Confidential: Cross-cut shredding (minimum)
• Restricted: Cross-cut shredding, witnessed disposal for highly sensitive
• Internal: Recycling bin is acceptable
• Never: Regular trash for confidential/restricted

Printing:

• Collect printouts immediately from printer
• Don't print confidential documents if not necessary
• Use secure/follow-me printing where available
• Check printer tray for leftovers before leaving

Whiteboards and Flip Charts

During Meetings:

• Mark whiteboard "Confidential" if discussing sensitive information
• Position whiteboard away from windows and doors

After Meetings:

• Take photo if needed (store securely, mark confidential)
• Erase all confidential content before leaving room
• Don't leave customer names, architecture diagrams, or sensitive info visible

Tip: Use digital collaboration tools instead of whiteboards for confidential content (easier to control access and retention).

USB Drives and Removable Media

Storage:

• Lock in desk drawer when not in use
• Never leave lying on desk overnight
• Encrypt all data on USB drives (mandatory for confidential/restricted data)

Transport:

• Keep in pocket or bag (not loose)
• Report lost USB drives immediately
• Use encryption to minimize impact if lost

Disposal:

• Don't throw away USB drives (return to IT for secure disposal)
• Data must be securely erased before disposal

Laptops and Tablets

At Desk:

• Lock screen when stepping away
• Use cable lock in public places or customer sites
• Don't leave unattended (even locked)

Transport:

• Keep in sight or locked in car trunk (not visible in car)
• Use laptop bag (doesn't advertise contents)
• Enable full-disk encryption (mandatory)

End of Day:

• Take laptop home or lock in secure storage
• Don't leave in car overnight
• Log out of systems before shutdown

Mobile Phones

Screen Lock:

• PIN or biometric lock (mandatory)
• Auto-lock: 1 minute or less
• Don't leave phone unattended in public places

Confidential Calls:

• Move to private area (don't discuss in open office or public)
• Use headphones to prevent eavesdropping
• Be aware of surroundings

Lost/Stolen:

• Report immediately to IT
• Remote wipe capability should be enabled

Visitor Badges and Access Cards

At Desk:

• Don't leave access card on desk (keep in pocket or on lanyard)
• Display visitor badge as required at customer sites

Lost:

• Report immediately to reception or IT
• Deactivate lost access cards immediately

Common Scenarios and Solutions

Scenario 1: Unexpected Visitor to Your Desk

Problem: Customer representative arrives unannounced while you have competitor's contract on screen.

Solution:

• Quickly lock screen (Windows+L)
• Greet visitor and move to meeting room
• Return to desk to properly secure documents

Preventive:

• Always lock screen when visitor approaches
• Position monitor away from visitor paths
• Use privacy screen filter

Scenario 2: Stepping Out for Coffee

Problem: Just going to kitchen for 2 minutes, is it worth locking screen?

Solution:

• Yes, always lock screen (takes 1 second)
• Auto-lock will engage after 5 minutes anyway, but don't rely on it
• Make it a habit: lock before you stand up

Scenario 3: Working at Customer Site

Problem: Customer has open office layout, your screen is visible to many people.

Solution:

• Use privacy screen filter (mandatory at customer sites)
• Position desk to minimize viewing angles
• Lock screen more frequently
• Follow customer's clean desk policy
• Be extra cautious with Swedwise internal documents (customer shouldn't see our pricing, contracts, etc.)

Scenario 4: Printing Confidential Document

Problem: Sent confidential document to shared printer, but printer is across the office.

Solution:

• Walk to printer immediately (don't send print job and wait)
• Wait at printer until job completes
• Check printer tray for any pages left by others
• Use secure/follow-me printing if available

Preventive:

• Minimize printing of confidential documents
• Use digital formats where possible

Scenario 5: End-of-Day Rush

Problem: Need to catch train in 5 minutes, desk is covered with project documents.

Solution:

• Quickly gather all documents into folder/envelope
• Lock in desk drawer or filing cabinet
• Lock screen
• Take laptop with you
• Don't leave documents on desk overnight (even in locked office)

Scenario 6: Working in Cafe with VPN

Problem: Working on customer project in coffee shop, need to access confidential files.

Solution:

• Use privacy screen filter (mandatory)
• Position back against wall
• Use VPN for network access
• Lock screen if distracted (ordering coffee, bathroom)
• Consider: Is this work appropriate for public place? Can it wait until I'm in office?

Scenario 7: Family at Home Office

Problem: Kids home from school, running around while you're on customer call.

Solution:

• Lock office door during confidential calls/work
• Explain to family that you need private time
• Lock screen when interrupted
• Schedule confidential work during quiet times if possible
• Use headphones to prevent family from hearing customer calls

Privacy Screens

What is a Privacy Screen?

A privacy screen filter is a physical overlay on your monitor that:

• Narrows viewing angle (only visible from directly in front)
• Prevents shoulder surfing
• Appears dark/blank when viewed from the side

When Required:

• Mandatory in public places (cafes, airports, trains)
• Mandatory at customer sites (open office)
• Recommended in Swedwise open office areas
• Recommended for home office if working in shared space

Types:

• Adhesive: Sticks to screen, permanent
• Hanging: Hooks onto monitor, removable
• Magnetic: Attaches with magnets, easily removable

Tip: Request privacy screen from IT if you work in open office, at customer sites, or travel frequently.

Visitor and Guest Management

When Visitors Arrive at Swedwise Office

Clean Desk Actions:

• Lock screen before greeting visitor
• Put away confidential documents (customer contracts, internal pricing)
• Clear whiteboard of confidential information if in meeting room
• Escort visitor at all times (don't leave alone in work areas)

What Visitors Should Not See:**

• Customer contracts or project documents
• Pricing information or quotes
• Employee personal information
• Financial reports or forecasts
• Technical diagrams or architecture (customer-specific)

Meeting Room Protocol:

• Clear whiteboard before visitor enters
• Remove previous meeting materials
• Don't leave visitor alone in meeting room
• Clear room after visitor leaves (check for forgotten items)

Security Awareness Tips

Tip 1: Lock Screen = Muscle Memory

• Practice Windows+L (or Cmd+Ctrl+Q) until it's automatic
• Lock before you stand up (every time)
• Make it a habit, not a decision

Tip 2: The "One Minute Rule"

• If you're away from desk for even one minute, lock screen
• Shorter absences = higher risk of opportunistic access

Tip 3: Privacy Screen in Public

• Always use privacy screen in public places
• Test viewing angle before starting confidential work
• People are curious - they will look

Tip 4: Clean Desk = End-of-Day Routine

• Create a checklist (Lock, Clear, Store, Shred)
• Spend 2 minutes at end of day securing workspace
• First thing next morning, you'll appreciate it

Tip 5: Lead by Example

• Lock screen even if no one is around (set example)
• Remind colleagues if they leave screen unlocked
• Make security awareness part of team culture

Tip 6: Think Like a Spy

• What could someone learn from my desk?
• What's visible on my screen right now?
• Who can see my screen from where they're standing?
• What would I not want a competitor to see?

Physical Security Reminders

Office Security

Don't:

• Prop open security doors for convenience
• Let unknown persons "tailgate" into office
• Leave external doors unlocked
• Disable alarms

Do:

• Close and lock doors when last to leave
• Challenge unknown persons (politely ask if they need help)
• Report suspicious activity to office manager
• Enable alarm when leaving

Theft Prevention

High-Risk Items:

• Laptops (high resale value)
• Mobile phones
• USB drives (data value)
• Access badges (unauthorized access)

Preventive Measures:

• Use cable lock for laptop in public places
• Keep valuables in sight or locked storage
• Don't leave bag unattended
• Mark assets with company property tags

Monitoring and Compliance

Self-Assessment

Monthly Check:

• Is my desk clear of confidential documents at end of day?
• Do I consistently lock screen when leaving desk?
• Am I using privacy screen in public places?
• Are customer documents stored securely?

Team Awareness

Managers Should:

• Lead by example (clean desk, clear screen)
• Conduct periodic walk-throughs (end-of-day checks)
• Recognize good security behavior
• Provide constructive feedback if issues observed

Not Acceptable:

• Passwords on sticky notes
• Customer contracts left visible overnight
• Unlocked screens when away from desk
• Confidential work on airplane without privacy screen

Frequently Asked Questions

Q: Do I really need to lock my screen if I'm just going to the bathroom for 1 minute?
A: Yes. It takes 1 second to lock (Windows+L), and you never know when "1 minute" becomes longer. Make it a habit.

Q: What if I forget to lock my screen and someone accesses my computer?
A: Report immediately to your manager and CISO. This is a security incident. Follow the incident response procedure.

Q: Can I use a sticky note to remember my password?
A: No. Use a password manager instead. Sticky notes are the #1 source of password compromise.

Q: Is it okay to work on customer contracts in a coffee shop?
A: Only if you use a privacy screen filter and VPN. Consider whether the work is appropriate for a public place. If it's highly confidential, wait until you're in a secure environment.

Q: What should I do if I see a colleague's screen unlocked and they're away?
A: Lock it for them (Windows+L) and let them know. It's a friendly reminder and protects everyone.

Q: Do I need to shred every piece of paper I throw away?
A: Only confidential and restricted information. Internal documents can go in recycling. Use the classification guideline to determine.

Q: What if a visitor asks to use my computer?
A: Politely decline. Offer to show them to a guest computer or help them from your logged-in session (with supervision).

Q: How do I politely ask someone at a customer site not to look at my screen?
A: Use a privacy screen filter - it's physical, not social. If they ask what you're working on, be vague: "Just some internal Swedwise documentation."

Q: Can I take customer documents home?
A: Only if necessary and stored securely (locked drawer, encrypted device). Minimize taking confidential documents out of the office.

Q: What's the consequence of not following clean desk/clear screen?
A: Data breach, customer contract violation, regulatory penalties, loss of trust, and disciplinary action. It's serious.

Related Documents

• SW-ISMS-POL-001: Information Security Policy
• SW-ISMS-GUI-001: Information Classification Guideline
• SW-ISMS-GUI-004: Mobile Device Security Guideline
• SW-ISMS-GUI-006: Remote Working Guideline
• SW-ISMS-PRO-005: Incident Response Procedure

Document Control

Version	Date	Author	Changes
1.0	TBD	TBD	Initial draft

Review Frequency: Annual or when work environment changes significantly

Approval: TBD (CISO)

Next Review Date: TBD