We are sharing 10 Golden Arrows of Information Security for your guidance:
1. Password Control
- Protect your password(s) at all times
- Change your passwords regularly and if you believe it has been compromised
- When you leave your computer – secure it (Ctrl-Alt-Del) and log-off from protected systems
- Ensure that your password is sufficiently complex that you can remember it but it cannot be guessed by others.
2. Preventing Computer Viruses
- Ensure that all media and transmitted files are virus scanned before they are downloaded onto Company systems
- Be suspicious of e-mail attachments from unknown origins
- If you think your computer has a virus or you have a message to that effect – STOP using the PC – and tell your line/network manager
- Please report all faults promptly.
3. Email Use
- E-mails are monitored and must be business related
- You must not send or forward chain letters, or emails containing offensive, abusive, racist or sexist comments
- Personal e-mails must not be sent externally by the Company’s email facility
4. Internet Use
- Your activity on the internet will be monitored
- Only connect to the Internet via the Company’s network
- Ensure that authorised and downloaded files from the internet are virus scanned
- Do not browse, download, duplicate or transmit data from the internet which is pornographic, racist, sexist, vulgar or obscene.
5. “Need to Know” Principle
- Only tell others what they need to know, in order to do their job
- Ask yourself the question “Is that person really who they say they are and how can their identity be verified?” (Call them back, find them on a company address book)
- Don’t inadvertently reveal Secret, Confidential or Personal-in-Confidence information to others, for example if you are talking in a public area, or someone tries to trick you into releasing it.
6. Protecting Company Information
- Use the Company’s classification process to protect sensitive information; the levels are:
- Secret (information if released to unauthorised persons could cause serious damage to the Company’s business/reputation)
- Confidential (information if released to unauthorised persons could cause damage to the Company’s business or reputation)
- Personal-in-Confidence (Information held internally by the Company that relates to individuals)
- If a Company document (electronic/paper) does not have a visible classification marking it must be assumed to have an Internal classification
- Classification should normally be placed on top left hand corner of document.
7. Protecting Your Information Online
- Ensure personal details are not given out onto the Internet without personal authority
- Never reply to an e-mail request to forward personal or banking details – email is not secure
- Do not reply or click on a link in an unsolicited email
8. Data Protection Act 1988
- Personal data is any information about a living, identifiable individual that is held, or going to be held on a computer, other electronic equipment, within paper files, or on video or audio tape
- Strict rules govern the release of Data Protection information
- If in doubt regarding the handling or release of Data Protection information please refer the matter to your line manager
9. Security of Customer Payment Information
- The Company is required to protect card payment details including name and account number at all times
- All documents containing card payment details must be secured (lock and key) at all times
- Card numbers must not be displayed in clear in emails or other documentation
- Documents containing card payment details must be destroyed by using a cross cut shredder.
10. Disposal of Sensitive Information
- Documents containing sensitive (Secret, Confidential, Personal-in-Confidence) information must be disposed of by cross cut shredder
- Company owned computer equipment must not be disposed of without permission and must follow the instructions detailed on the Company’s Intranet.