Information is a vitally important agency asset and we all have a responsibility to make sure that this information is kept safe and used appropriately. Without due care, personal, research or business information can be misplaced or leaked, which is a big enough problem in itself without the added difficulty of having to protect it against increasingly proactive and sophisticated attempts at theft.
Therefore, the business has adopted an Information Security Policy that complies with stringent legal requirements and provides the necessary assurance that data held and processed by the business is treated with the highest appropriate standards to keep it safe. The aims are: to raise your awareness to avoid inadvertently causing others inconvenience through disclosure of data; to avoid breaking the law; to avoid causing the business financial and reputational damage.
The majority of organisations know the dangers of information security breaches and some have suffered intellectual theft, serious reputational damage and in some cases fines for negligent management of data. We all have a requirement to work within the guidelines of the policy and by doing this you can help ensure the safety of your own data and that of others.
In simple terms, the most common causes of data loss or leakage can be avoided by:
- Making sure that only those who need access to data have that access.
- Not storing information where it can be accidentally exposed or lost, e.g. unencrypted USB drives and laptops.
- Making sure that if data has to be transported, this is done securely using encrypted devices or channels.
The objective of the business’s Information Security Policy is to ensure that all information and information systems (information assets) which are of value to the business are adequately protected against the adverse effects of failures in confidentiality, integrity, availability and compliance with legal requirements which would otherwise occur. Achieving this objective will largely depend on all members of the business complying with this policy.
The business has adopted the following eight principles to underpin its Information Security Policy:
- Information will be protected in line with all relevant business policies and legislation, notably those relating to data protection, human rights and freedom of information.
- Each information asset will have a nominated owner who will be assigned responsibility for defining the appropriate uses of the asset and ensuring that appropriate security measures are in place to protect the asset.
- Information will be made available solely to those who have a legitimate need for access.
- All information will be classified according to an appropriate level of security.
- The integrity of information will be maintained.
- It is the responsibility of all individuals who have been granted access to information to handle it appropriately in accordance with its classification.
- Information will be protected against unauthorised access.
- Compliance with the Information Security Policy will be enforced.
So how do the key principles relate to me?
The above underpinning principles of the Information Security Policy are best presented as a checklist of do’s and don’ts. If you work according to these do’s and don’ts then you will find that you are working within the Business’s Information Security Policy.
| Do | Don’t |
| --- | --- |
| Seek advice from the IT Service Desk if you are unclear about any aspect of information security. | Disclose your password to anyone. |
| Report any loss or suspected loss of data. | Use a personal email account for conducting any business on behalf of Prohibition PR LTD. |
| Change your password if you have any suspicion that it may have been compromised. | Undermine or seek to undermine the security of computer systems. |
| Ensure that personally owned equipment which has been used to store or process Business data is disposed of securely. | Make copies of restricted Business information without permission. |
| Encrypt your mobile devices and make sure that restricted information is always encrypted before it’s sent to others. | Provide access to Business information or systems to those who are not entitled to access. |
| Password protect your personally owned devices. | Use your Business password as the password for any other service. |
| Keep all of the software on your personally owned devices up to date. | Connect personally owned storage or mobile devices to Business owned equipment if you are a member of staff. |
| Comply with the law and Business policies. | Send unauthorised bulk email (spam). |
| Be mindful of the risks of using open (unsecured) wifi hotspots or computers in internet cafes, public libraries etc. | Leave your computers unlocked when left unattended. |
| Assume that Information Security is relevant to you. | Leave hard copies of confidential information unattended or unsecured. |