I recently read Don't Talk to Strangers to my son. In the story Christopher Robin leaves the 100 Acre Wood to go visit his grandmother all by himself. Piglet finds this a worry and asks him if he is scared. Christopher Robin says no because he has the Stay-Safe-Rules written by his mother to help protect him.
Of course at that point my security hat went on and I compared how those rules relate to the effort of creating a culture where colleagues are conscious of their responsibilities in protecting Ofcom's data.
AA Milne wrote this story in the late 1920s and today those rules still hold true in many spheres of life. Looking through companies' security policies, we see these rules reflected, and they have proved to be universal truths indeed.
Don't talk to strangers
Avoid all confidential discussions with colleagues and/or stakeholders in public areas of such buildings or offices. These areas may include receptions, restaurants/cafes, lifts and lift lobbies.
Remember that office buildings are often shared with other tenants. The public areas should therefore be considered to be no more secure than, for example, an external restaurant or train station.
Do not share confidential information with third-parties without appropriate prior approval from a senior manager.
When taking sensitive papers out of the office keep them secure and out of view and do not allow anyone at a conference or meeting to read your documents if they have no legitimate reason to do so.
Never open your door to a stranger
Display company security passes at all times in the offices and be aware of potential tailgaters when entering and leaving. If in doubt about someone's identity, ask him/her to show a pass.
Escort visitors at all times, particularly back to reception.
Never take a present from a stranger
Do not install third-party software or hardware applications, disclose password details or access other colleagues' files or emails without appropriate approval.
Act responsibly and reasonably in using company IS systems for personal purposes such as web browsing or email.
Never take a ride from a stranger
As part of their role, some colleagues will from time to time need to speak to or meet other members of the business community. Such contacts should be carefully handled, and are subject to the following rules:
No one should maintain active contacts without ensuring that the group head is fully aware of these and has given written agreement. In particular, lunches and other events should be approved by the group head in advance.
More generally, any conversations should be restricted to gathering information and opinion about the market.
If a stranger does try to talk to you or touch you, yell "NO!", run away, and tell a grown-up you trust as soon as you can
Do not click on links in unsolicited emails. Do not give information to callers whose identity you cannot confirm. If you spot a security flaw in any of the company’s facilities including the offices, network and websites, please report this to the security team.
And remember, if you're going somewhere, it's always friendlier and safer to go with someone you know
Third party service providers offer ways to help managers and their groups perform more efficiently. It is always best to check the levels of security a provider is able to offer and ensure that it is documented in a contract. Buying in external services should not be done without consulting other relevant colleagues.
Safety and security are about creating protective habits in handling what is valuable to us. A good habit to develop is removing any sensitive documents in your possession from meeting rooms, copiers, printers and business centres as soon as the reason for them being there expires.
Christopher’s grandmother understood this and was able to put together a list of cautions that will lead to safe behaviour.