Keeping it Clean
Banks Safeguard Customer Information and Increase Efficiency Through Clean Desk Policies
An average paper-laden desk probably doesn’t strike fear in the hearts of most bankers, but in todays world, maybe it should. In many cases, the average desk contains a wealth of private customer information and classified bank data.
“We did one security assessment at a bank, and this woman had a Rolodex on her desk. Under the letter ‘P,’ she had all the passwords for her computer. Under the letter ‘V,’ she had the vault codes,” said Romir Bosu, president of Compushare, a South Coast Metro, Calif.-based professional services firm that provides technology consulting and solutions to community banks. To prevent this sort of situation, all banks should have a clean desk policy, Bosu said.
At their heart, clean desk policies are simple. Most require employees to make sure that confidential papers are not left on their desk when they go home at the end of the day. While there is some variance in policies, such as how often desks must be cleaned and who is responsible for compliance, most policies are markedly similar.
“For us, a clean desk policy is more of a common-sense policy. Having a clean desk program is something that all community banks need,” said Tom Powers, vice president of community banking and security officer for Willow Grove Bank, a $976 million-asset bank in Maple Glen, Pa.
The regulatory climate is paving the way for clean desk policies. The Gramm-Leach-Bliley Act requires banks to guard customer information from unauthorized access. While the act doesn’t specifically mention clean desk policies, many banks view it as a simple and important step in that direction. Many banks have already drafted formal clean desk policies, while many more are currently in the process of creating them.
Identity theft is surging across the United States, and a cluttered bank desk can be a breeding ground for future fraud. All it takes is a fraudster getting their hands on a single piece of paper. Between 1999 and 2003, the number of ID theft complaints to the Federal Trade Commission grew from 1,380 to 210,000. Businesses lost nearly $50 billion to ID theft in 2003.
“I’ve been working on a risk assessment for our information security program, and I’ve realized that we don’t have a written clean desk policy. It was always something that was talked about, but it was never formalized,” said Renee Ackerman, security coordinator for Wauwatosa Savings Bank, a $1.2 billion-asset institution in Wauwatosa, Wis. “Once the new customer information security packet is ready, all employees will be able to sign off on a clean desk policy.”
Overcoming Employee Resistance
Perhaps the biggest roadblock to implementing a successful clean desk policy is resistance from employees. Many are used to their cluttered desks, and asking them to clean up every day can prove difficult.
“Getting employees to go along with the clean desk policy won’t be an easy thing. To encourage them, I might include some incentives for keeping their desks clean,” Ackerman said. There should also be some form of punishment for not complying with the policy, Ackerman added. “It probably won’t be a termination offense, but there will be consequences. I will be in charge of the program, but I’ll be relying on department heads and supervisors as well,” she said.
Strong support from management is also effective when it comes to implementing a clean desk policy. “Management needs to buy into the clean desk policy and enforce it. You really have to be constant. Management should also put in place disciplinary punishments for not holding to the policy,” said Compushares Bosu. To ensure a proper program, the bank needs to change the corporate culture of its employees. Training alone won’t do the job, Bosu said.
At Gate City Bank in Fargo, N.D., employees are constantly kept aware of the security risks inherent in banking. “You need to remind them of the necessity behind the security measures. Employees see the risks that make clean desk policies necessary, but it’s hard to get them to do it,” said Allan Erickson, executive vice president and chief financial officer of the $748 million-asset bank.
Jay Krabbenhoft, an assistant vice president at Gate City, takes an annual trip to all the branch offices, and one of the things he looks for is the cleanliness of staff desks. “Employees hear about this all the time. Not having a clean and tidy work area is just not tolerated. If there were any problems, I would probably meet with the branch manager to offer my suggestions and thoughts for resolution. If that didn’t work, I’d have to go to management,” Krabbenhoft said. The bank also takes great pains to effectively train its work force, Krabbenhoft said. All branch managers travel to the headquarters office in Fargo for training.
Willow Grove Bank also puts an emphasis on training. When employees are hired, they undergo initial training, and all employees receive annual training. “One of the sections of the training program involves bank document exposure. Employees learn things like what to take off their desks and when to do it,” Powers said. Supervisors are in charge of overseeing the program, and every night, they go through a checklist to make sure that all desks have been cleared.
“We really haven’t had any problems getting our employees to go along with the clean desk policy. If you tell people from day one that they need to keep their desks clean, they’re going to do it. Besides, no one likes clutter,” Powers said.
How Often to Clean
Frequency is another challenge facing banks as they set up clean desk policies. How often should employees be required to clean their desk? Is one end-of-the day cleaning acceptable?
At Gate City Bank, once a day just doesn’t cut it. “If you have confidential papers on your desk, and you go out to lunch, put the papers away before you leave,” Krabbenhoft said.
Willow Grove Bank also requires employees to clear their desks whenever they are away for any significant period of time.
At Wauwatosa Savings, “if you’re going to be away from your desk for more than just a few minutes, you’re going to have to clean the desk,” Ackerman said. However, there are different levels of clean desk restrictions, depending on where the employee is sitting in the bank, Ackerman said. Someone in a branch lobby would have much more need to clean than someone who worked in the corporate center.
Setting the Right Tone
Beyond securing confidential documents from prying eyes, a clean desk policy can help with a bank’s overall appearance and atmosphere.
“Appearance is very important to us, it helps instill confidence in our customers. When you walk into the Gate City Bank, you want to know that everything is neat and tidy, warm, and inviting,” Krabbenhoft said.
It all goes back to one of Gate City’s central themes: being brilliant at the basics. “A messy desk, full of confidential information, might make a customer think twice about banking there,” Krabbenhoft said. Most bank customers assume that all papers lying around a bank are confidential, Krabbenhoft said, so even if they are really just scrap paper, it makes sense to remove them from sight.
A clean desk policy is also good customer service, said Gate City’s Erickson. Security policies usually don’t go hand-in-hand with customer service, but in the case of a clean desk policy, both sides are satisfied, Erickson said. Customers get to do business in a clean and professional atmosphere, while the bank gets to secure its confidential documents.
This attitude is echoed at Willow Grove Bank. “A clean appearance helps to instill confidence in both employees and customers. Plus, it’s essential from a security aspect. With the amount of fraud going on, all it takes is one account number to be lifted. One account number can not only affect a customer s account, but their entire identity as well,” Powers said.
Having a clean and orderly workspace can also increase work efficiency. A cluttered desk can become overwhelming to an employee, Krabbenhoft said. And a lack of organization can make it difficult for an employee to locate information, cutting down on their effectiveness and productivity, said Barbara Hemphill, the chief executive officer of the Hemphill Productivity Institute, a Raleigh, N.C.-based firm that specializes in working with companies to create more productive working environments.
Increasing overall productivity has been one of the by-products of the clean desk program at Willow Grove Bank. For example, when a customer opens a new account, an employee does all of the paperwork right there with them. “In the past, an employee might have set aside some of the work for later, which might have resulted in lost papers or a delay in the work. Doing the work right away and filing it really helps,” Powers said.
Additional Workspace Threats
A typical employees workspace offers several additional risks besides that of confidential papers left out on the desk. Unattended computers can offer criminals a way to tap into account information, and conversations can sometimes be overheard. “Shoulder-surfing,” which basically means looking over someone’s shoulder at his or her work, is also a concern.
As a way to combat some of these risks, Gate City Bank uses password-protected screen-savers for every computer. The bank also relies on monitor filters in certain locations. These devices make it impossible for anyone to see the computer screen unless they are directly behind it. Fax machines and photocopy machines are placed well out of customer reach as yet another defense. It’s also bank policy never to ask for an account number in the bank lobby. Gate City also arranges its furniture to maximize privacy and foil any would-be snoops.
What Lies Ahead
Clean desk policies are not mandated by the banking regulators, but that could change.
“It wouldn’t surprise me if the regulators make having a clean desk a part of compliance,” said Wauwatosa’s Ackerman. In situations like this, the regulators usually take some time before implementing any change, Ackerman said.
Even if clean desk policies never become officially mandated, it’s still important for banks to stick to them, say bankers and experts. Regulatory examiners “will judge you harshly if you have a policy and don’t enforce it,” said Compushares Bosu.
As banks look to the future, some are already devising additional solutions to help with their clean desk programs.
“We’ve given some thought to enlarging our back rooms, so there wouldn’t be as much need to have confidential papers in the front office. Another ideas has been to move toward more of a paperless bank,” Krabbenhoft said.
Copyright America’s Community Bankers Mar 2005
Provided by ProQuest Information and Learning Company. All rights Reserved