Latest news with #SwissSecuritySolutions
Forbes
15-07-2025
- Business
- Forbes
Implementing A Clear Desk Policy: A Practical Guide
Bojan Ilic – Chairman & Global Director at Swiss Security Solutions, expert in Security & Investigations. In today's corporate culture, information security is not an afterthought in the back office, but a priority in the boardroom. One of the simplest but most underappreciated elements of a good information security and data protection position is the clear desk policy (CDP). While the premise may seem simple—emptying desks of clutter and sensitive documentation—its strategic and regular enforcement is anything but a trivial exercise. Having helped lead the development and enforcement of a clear desk program at a large consulting firm, I've seen firsthand how this policy can mitigate risk, improve accountability and strengthen data protection culture across multiple jurisdictions and business units. Why A Clear Desk Policy Matters A clear desk policy ensures sensitive documents and electronic devices are secured away when not used, particularly at the close of business. It reduces the likelihood of data compromise, insider threats and unauthorized disclosures. And even more importantly, it reflects a company's commitment to operating discipline and professional responsibility. The value of CDPs holds true in both multinational companies and high-risk businesses. The consulting firm we worked with, for instance, deployed the policy with military-style precision across some of its offices, supported by real-time audit logs, sweep operations, exception handling and multi-role accountability chains. Clear desk enforcement helped the firm reduce data exposure and created a culture of information stewardship. Even the smallest lapses, such as an unattended laptop or a confidential file left open, can become major liabilities. A well-implemented clear desk policy reinforces security at every desk, every night. What Is An ISO 27002 Clear Desk And Clear Screen Policy? While big four companies and other consulting firms, like banks, insurance companies and financial institutions, are not IT firms, the nature of their work—advising clients on financial, legal and strategic matters—demands a rigorous approach to data protection. When I helped implement a clear desk policy across multiple offices, our aim wasn't compliance for the sake of it but to create a culture where securing information was second nature. Whether it's a misplaced laptop or a document left on a desk, the risks are real, even in non-tech industries. The ISO 27002 Clear Desk & Clear Screen Policy provides guidelines for protecting information and physical assets in the office. Key Components Of An Effective CDP Drawing from effective operational frameworks for these policies, here's a guide to implementing a clear desk policy that works: Your policy should define who is responsible for what. In my experience, this includes: • Sweep teams: Conduct physical desk checks after hours. This is usually the responsibility of security services, protection services or security guard teams. • Facility management (FM): Verify asset ownership and update breach logs. • Security managers: Own the process, handle escalations, and ensure compliance across locations. Each role should be backed by clear SOPs to ensure consistency. From breach notices to digital logs, transparency is key. For our client, every seized laptop was logged with a unique asset number, accompanied by a physical breach notice. The database tracked who, what, when and where, which served as a critical foundation for auditing and continuous improvement. Progressive enforcement is critical. We have used a graduated response system: • First breach: Reminder and policy reference. • Second breach: Mandatory security briefing. • Third/fourth breach: Tailored disciplinary action and leadership involvement. Unattended devices should be placed in secure cabinets. Retrieval can then require identity verification and signature, reinforcing the seriousness of the breach. In our client's case, exceptions were allowed but tightly controlled. Assets left running for legitimate business reasons can be tagged with exception authorizations. Permanent exemptions, such as for IT or HR rooms, can be made conditional and revocable upon noncompliance. Education is essential to driving cultural change. In my mandate, employees received tailored guidance documents upon breach and were directed to centralized policy resources. Lessons Learned From The Field Here are some practical insights from managing a CDP at scale: • Consistency beats intensity. Policies must be enforceable across all business units, not just HQ. • Technology is not enough. A fancy asset tracking system fails without human diligence. • Culture trumps policy. Empower staff to understand 'why' they must comply, not just 'what' they must do, and give employees rules and best practices. For example: 1. Clear up the workplace at the end of each day. 2. Secure your devices and data units (such as external drives and USB sticks). 3. No passwords on display or simply hidden in the office. 4. Use lockable storage for sensitive internal or client documents. 5. Employees should conduct regular self-checks. Final Thoughts A well-implemented clear desk policy is more than a checkbox; it's a front-line defense against data loss and reputational harm. By embedding it into daily operations and holding teams accountable, organizations can elevate their security maturity without complex tools or expensive software. If your organization handles sensitive data, and most do, then implementing or refining your clear desk policy is a simple, strategic win. A strong clear desk policy isn't just compliance; it's culture. And as someone who's helped enforce this at one of the world's most demanding firms, I can tell you: It's the small things that protect the big picture. Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Forbes
27-06-2025
- Business
- Forbes
20 Effective Ways To Safeguard Your Business's IP
The protection of intellectual property in a constantly shifting business environment is a growing priority for business leaders. As technology continues to rapidly advance and new tools are released on a consistent basis, determining how to best tackle cybersecurity threats and a lack of regulations for AI use is essential to keeping sensitive information and valuable IP safe for the long term. The members of Forbes Business Council have experience navigating the challenges of building and leveraging emerging and unregulated technology. Below, 20 of them share strategies they are employing to better protect their intellectual property amid growing cybersecurity threats and unregulated AI use. 1. Implement Proactive Protective Measures We've successfully mitigated intellectual property risks, such as data scraping, deepfakes, impersonation scams involving our logo, and insider threats, by implementing digital watermarking, AI-driven monitoring and real-time threat detection. These measures are essential for safeguarding intellectual property and brand integrity in today's environment. - Bojan Ilic, Swiss Security Solutions LLC 2. Build IP Awareness Throughout The Company Embed IP awareness into onboarding processes and the business culture. Every team member should know what's at stake. We watermark internal assets with invisible markers and use decoy data in AI training environments to test for leaks. It's not just tech defenses that keep IP safer, but mindset and habits, too. - Sam Nelson, Downstreet Digital Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify? 3. Establish Detailed Instructions Provide specific job instructions. It may seem obvious, but you'd be surprised to learn that people might wipe a monitor with a harsh cloth or use unauthorized plugins, data decoders or free AI tools. We rely on two things: strict access levels (for example, devs don't get domain access) and more than 100 living SOPs that we constantly update as new 'surprises' pop up. - Mykola Lukashuk, Marketing Link LLC 4. Set Up Real Barriers In my experience managing digital IP, setting up real barriers, like segmented access levels, watermarked assets and AI detection tools, has made a big difference. We block unauthorized scraping, limit tool permissions and flag unusual usage patterns. These checks help catch issues early and keep our creative work protected across teams. - Andrew Lopez, 1000 Media 5. Hold Regular Training Sessions Regular staff training has been key, as human error is often the weakest link. We also use strict access controls and review AI tools before adoption. Companies should focus on education, implement clear usage policies and stay proactive. Protecting IP today means blending smart tech with smarter habits. - Braden Yuill, Virtual Coworker 6. Establish A Zero-Trust Security Model Companies can implement a zero-trust security model, verifying every user and device before granting access. Coupled with robust data encryption and strict access controls, this minimizes breach risks. Establish clear internal policies for unregulated AI, monitor sensitive data handling and implement regular audits. While I don't have experience with breaches, these layered strategies are crucial defenses. - Jay Patel, OSI Systems 7. Hire An IP Attorney This is where your A-team comes into play. Amid growing concerns about our company's IP, we've chosen to hire a top-notch IP attorney who helps oversee the areas we overlook. It's important to involve your IP attorney early on during the design or conceptual phase to ensure efforts are not unintentionally misguided. You get what you pay for, and it's worth hiring an extra set of qualified eyes and ears! - Pam Scamardo, TPK Properties LLC 8. Segregate Core IP We protect trade secrets by splitting core intellectual property, such as algorithms or formulas, into encrypted microservices accessed only via APIs with role-based controls. Using zero-knowledge architecture, no single system or team holds the full IP, reducing the risk of breaches and preserving confidentiality even in AI-driven environments. - Krutarth Shah, Avon River Ventures 9. Implement Strict Access Control And AI Policies We protect our IP with strict access controls and clear AI usage policies. We limit sensitive data access, restrict external AI tools and train our team to avoid accidental leaks. Treating AI risks like cybersecurity threats has been key to protecting our assets while supporting innovation. - Brett Husak, PayBlox 10. Develop An AI Review Process Create a process for reviewing and clearing AI outputs, and implement clear policies. Additionally, implementing multifactor authentication can help secure AI models against unauthorized access. In-house privacy teams should also expand their focus to streamline processes and controls while adapting to AI-related risks and regulations. - Adam Povlitz, Anago Cleaning Systems 11. Build A Comprehensive Cybersecurity Framework One effective approach is the implementation of a comprehensive cybersecurity framework that integrates advanced encryption techniques and regular security audits. This strategy not only fortifies digital infrastructure, but also ensures that sensitive information remains confidential and protected from unauthorized access. - Veena Jetti, Vive Funds 12. Combine Security Protocols With Employee Education One effective way to protect intellectual property amid rising cybersecurity threats and unregulated AI use is to implement multilayered security protocols combined with continuous employee education. In my experience building AML and RegTech software, pairing advanced technological safeguards with regular training and clear policies creates a resilient defense. - Khurram Akhtar, Programmers Force 13. Limit Data Put Into Third-Party Tools One thing I've done to protect IP in the age of AI and rising cyberthreats is limiting what goes into third-party tools. Not every prompt or file needs to go through a chatbot or cloud platform. We set clear internal guidelines on what can be shared, where and with whom. IP protection today isn't just legal; it's operational. Discipline at the input level is your first real line of defense. - Romain Pison, NoviCarbon 14. Build An Internal AI Sandbox We've built our own sandbox AI environment. It's internally hosted, completely separate from production systems and intentionally dumbed down for safety. That way, people can explore and test ideas without ever touching real customer data or IP. It's more work up front, but it gives us room to experiment without putting the business at risk. - Ran Ronen, Equally AI 15. Leverage Patents One of the most effective ways to protect intellectual property is still the classic approach—patents. If you've developed something original, secure it legally. A properly filed patent remains one of the strongest defenses, regardless of AI advancements or cybersecurity threats. No AI can override legal ownership when your rights are protected on paper. - Jekaterina Beljankova, WALLACE s.r.o 16. Integrate AI Governance One powerful way companies can protect their intellectual property is by proactively integrating AI governance into their cybersecurity strategies. That means clearly defining who can access sensitive data and how AI tools are used internally and putting strong digital rights management in place. Too many companies treat IP protection like an IT problem, but it's actually a leadership issue. - Magda Paslaru, THE RAINBOWIDEA 17. Mitigate The Human Element Of Breaches IP protection starts with people, since the human element accounts for roughly 60% of breaches. Tight access and clear audit trails would help. For example, ensure engineers see only the code they own, every build has an invisible watermark, and GenAI prompts get logged. This shrinks the blast radius if a password leaks, while watermarks and logs give us forensic proof should proprietary code ever surface elsewhere. - Alvin Kan, Bitget Wallet 18. Collaborate Across Departments And Adopt Digital Watermarking Effective IP protection demands cross-departmental collaboration involving IT, HR, security, legal teams and so on. A practical solution may include adopting digital watermarking, a technology that embeds invisible identifiers into AI models, documents, datasets and other assets. The markers can help organizations monitor usage patterns, trace access points or identify unauthorized distribution. - Anton Alikov, Arctic Ventures 19. Embed Digital Markers Into Your IP Beyond firewalls, we practice active IP scenting. We embed unique, inert digital markers—our 'canaries'—deep within core code and sensitive docs. If these 'scents' appear where they shouldn't, like in an AI's output or a leaked file, it is an instant alert. This strategy once caught an AI tool scraping our private data, turning our IP defense from passive hope to an active, early warning. It's all about proactive vigilance. - Oleg Levitas, Pravda SEO Inc., Real Results SEO Inc. 20. Consider Hiring Cybersecurity Services A client of mine provides cybersecurity services. Once someone is breached, they restore operations, handle ransomware threats and then implement a set of advisory services to help prevent another incident. I've learned that the best way to protect clients' IP and operations is to view the expense of constant vigilance as 'insurance' with great ROI potential for growth-oriented leaders. - Jerry Cahn, Age Brilliantly
