We are sharing 10 Golden Arrows of Information Security for your guidance:

1. Password Control

  • Protect your password(s) at all times
  • Change your passwords regularly, and whenever you believe one has been compromised
  • When you leave your computer – secure it (Ctrl-Alt-Del) and log off from protected systems
  • Ensure that your password is complex enough that others cannot guess it, yet one that you can remember.

2. Preventing Computer Viruses

  • Ensure that all media and transmitted files are virus scanned before they are downloaded onto Company systems
  • Be suspicious of e-mail attachments from unknown origins
  • If you think your computer has a virus or you have a message to that effect – STOP using the PC – and tell your line/network manager
  • Please report all faults promptly.

3. Email Use

  • E-mails are monitored and must be business related
  • You must not send or forward chain letters, or emails containing offensive, abusive, racist or sexist comments
  • Personal e-mails must not be sent externally via the Company’s e-mail facility

4. Internet Use

  • Your activity on the internet will be monitored
  • Only connect to the Internet via the Company’s network
  • Ensure that authorised files downloaded from the Internet are virus scanned
  • Do not browse, download, duplicate or transmit data from the internet which is pornographic, racist, sexist, vulgar or obscene.

5. “Need to Know” Principle

  • Only tell others what they need to know, in order to do their job
  • Ask yourself the question “Is that person really who they say they are and how can their identity be verified?” (Call them back, find them in a company address book)
  • Don’t inadvertently reveal Secret, Confidential or Personal-in-Confidence information to others, for example if you are talking in a public area, or someone tries to trick you into releasing it.

6. Protecting Company Information

  • Use the Company’s classification process to protect sensitive information; the levels are:
      • Secret (information that, if released to unauthorised persons, could cause serious damage to the Company’s business/reputation)
      • Confidential (information that, if released to unauthorised persons, could cause damage to the Company’s business or reputation)
      • Personal-in-Confidence (information held internally by the Company that relates to individuals)
  • If a Company document (electronic/paper) does not have a visible classification marking, it must be assumed to have an Internal classification
  • The classification should normally be placed in the top left-hand corner of the document.

7. Protecting Your Information Online

  • Ensure personal details are not given out on the Internet without personal authority
  • Never reply to an e-mail request to forward personal or banking details – email is not secure
  • Do not reply to, or click on a link in, an unsolicited email

8. Data Protection Act 1988

  • Personal data is any information about a living, identifiable individual that is held, or going to be held on a computer, other electronic equipment, within paper files, or on video or audio tape
  • Strict rules govern the release of Data Protection information
  • If in doubt regarding the handling or release of Data Protection information please refer the matter to your line manager

9. Security of Customer Payment Information

  • The Company is required to protect card payment details including name and account number at all times
  • All documents containing card payment details must be secured (lock and key) at all times
  • Card numbers must not be displayed in clear in emails or other documentation
  • Documents containing card payment details must be destroyed by using a cross cut shredder.

10. Disposal of Sensitive Information

  • Documents containing sensitive (Secret, Confidential, Personal-in-Confidence) information must be disposed of by cross cut shredder
  • Company owned computer equipment must not be disposed of without permission and must follow the instructions detailed on the Company’s Intranet.