“OMG, keep those desks clear to avoid hacking and cyber threats,” expert warns


A clear desk policy is vital in protecting organisations from threats such as keystroke loggers and injection payload devices like OMG cables, says a professional private investigator.

Jack Charman’s time in the army has given him a wealth of experience and knowledge, which has equipped him to gather an outstanding team at National Private Investigators, the company he founded in March 2016.

There are two main threats to look out for in the office, which may not be initially obvious to the untrained eye, says Charman.

These are: Keystroke loggers and OMG cables.

Physical keystroke loggers can be attached to keyboards, while OMG cables look just like your average Apple charging cable but when plugged into your computer allows hackers to remotely access your computer and infiltrate your network.

Now, Charman says businesses need to up their game if they are to protect their secrets from bad actors.

Charman explains: ‘Business owners need to clearly articulate the objectives, scope and rules of the clear desk policy. This should include details on the proper handling and storage of sensitive information and devices.’Bosses need to determine which areas and items are covered by the policy, including workstations, shared spaces and meeting rooms, says Charman.

He adds: ”Management buy-in and communication is vital to ensure all staff are on board with these vital security steps.“Ensure senior management understands the importance of the policy and is committed to its enforcement.“Communicating the policy is key. Use emails, meetings, and internal portals to communicate the policy to all employees. Explain the benefits and the potential threats the policy aims to mitigate.

Training sessions also play a key part in reducing threats to businesses, says Charman.“Educate employees about the risks of keystroke loggers, OMG cables, and other similar threats. Show how these devices work and the damage they can cause.“Reinforce the policy through regular reminders and updates on emerging threats.

Businesses should also invest in physical security measures, such as lockable storage options for employees to store sensitive documents and personal devices. Charman says random and scheduled inspections should be undertaken to ensure compliance with the policy.

“Tech also plays a big part," Charman continues, adding: “Business owners should implement software solutions to monitor and detect unauthorised devices connected to the network. “It's also imperative that all workstations have up-to-date antivirus and anti-malware software.

There should be clear consequences for staff if they don't follow the rules, concludes Charman:

“Define the disciplinary actions for non-compliance. Ensure that all employees are aware of these consequences.“Regularly audit compliance with the policy and review its effectiveness. Update the policy as needed based on new threats and technologies.“Encourage employees to clear their desks of sensitive documents and personal devices before leaving their workstations unattended and advise employees to use only company-issued cables and chargers. Explain the risks associated with using unknown or unauthorised devices.” 

By implementing these measures, businesses can significantly reduce the risk of security breaches from keystroke loggers, OMG cables, and other injection payload devices. Regular training and vigilant enforcement are key to maintaining a secure work environment.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter