The Codex · Physical Security · Protocol PSP-001
Physical security is the layer beneath every digital control. An unlocked screen, an unattended document, or a visitor with unmonitored access can bypass the most sophisticated technical defences in seconds. This protocol defines the environmental standards — access, visibility, configuration, and habit — required of every member in any space where sensitive work is conducted.
The distinction between physical and digital security is largely administrative. In practice, they are the same attack surface. A device that is technically encrypted and patched and locked behind strong authentication can be compromised by someone who sits down at an unlocked session, photographs the screen, installs a hardware keylogger in thirty seconds, or simply reads the document left on the desk next to it.
Most digital security frameworks treat physical security as a precondition — something assumed to be in place before the digital controls even apply. The assumption is rarely tested. People who spend significant effort on password managers, two-factor authentication, and VPNs routinely leave sessions open on shared computers, conduct sensitive calls in shared spaces, and leave printed documents in places accessible to anyone who enters the room.
Physical access control begins with awareness of who can enter a space without your knowledge or permission. In a home, this includes household members, domestic staff, contractors, and delivery personnel. In a professional office, it includes facilities staff, cleaning crews, and colleagues. The question is not whether these people are trustworthy — it is whether unsupervised access to spaces containing sensitive materials is consistent with the level of security those materials require.
The countermeasure is not suspicion of individuals — it is structural: arrange the physical environment so that sensitive work and sensitive materials are not accessible to people who have no reason to access them. This is a workspace design question as much as a security one. A dedicated room with a working lock solves it for most purposes. A cable lock on a laptop, a locked drawer for documents, and a habit of clearing the desk before admitting visitors solve most of the remainder.
What is visible on a screen or desk is effectively disclosed. A document face-up on a desk is readable by anyone who enters the room. A screen visible through a window is readable by anyone outside. A monitor positioned to face an open doorway is readable by anyone who passes.
These exposures are rarely deliberate — they are the result of workspace arrangements that were set up without security considerations in mind. The correction is straightforward: position screens so that they face away from entry points and windows. Use a privacy screen on laptops in any environment where the desk position cannot be controlled. Clear the desk of sensitive documents before admitting anyone to the space.
Contractors, tradespeople, and service personnel are a specific category of visitor that many security frameworks underweight. They are typically admitted to a property for a legitimate purpose, and that legitimacy tends to suspend the normal instinct to limit access. A plumber, an electrician, or a cleaner with unmonitored access to a home office has more physical access to sensitive materials than most determined adversaries would achieve.
The requirement is not to supervise every tradesperson personally for every minute of their visit — that is impractical. The requirement is that spaces containing sensitive devices and documents are secured before the visit begins. Lock the office. Clear the desk. Remove hardware tokens from the room. The preparation takes two minutes and eliminates the exposure entirely.