Information Security Policy
Summary Card

Passwords
Email and viruses
Staying secure when offsite
Physical security
Reporting a security incident
Printing confidential information
Transferring data outside the organization

This document

This document is intended to be a brief summary of some of the points set out within the set of MTK MMA Global information security policies. It is not comprehensive, and users are referred to a copy of the full policy documents which are available on the IT section of the intranet or upon request from the Resolution IT.

Use of passwords

The security of some of our data is only as strong as the password used to protect it. When creating a password, try to make it as strong and unguessable as possible. In particular:

- Make it at least eight characters long
- Use numbers as well as upper and lower-case letters
- Use a passphrase rather than a word. For example, TheCatSatOnTheMat2020
- Don’t use publicly available information associated to you, such as your name, children’s names or date of birth
- Don’t use common passwords such as Password1 or 12345678
- Change your password if you think it has been compromised
- Never share your password with anyone else, including staff, third parties or even the Resolution IT
- Don’t write your password down
- Use different passwords for different key systems where possible

Secure use of email and defence against viruses

Users must be constantly vigilant against the threat of malicious code in the form of viruses. In order to minimize the risk of introducing a virus to the network, follow the following code of practice:

- Don’t open attachments unless you know they are from a reliable source
- Always scan files from outside the organization before storing them on the network
- Ensure your virus-scanning software is working correctly
- Always report any virus-related messages you encounter to the Resolution IT
- Don’t download unauthorized software or files from the Internet

Staying secure when offsite

Employees travelling on business are responsible for the security of information in their custody. They should not take confidential data offsite unless there is a valid reason to do so.

While offsite:

- Don’t leave laptops, tablets, phones or other portable IT equipment in an unattended vehicle
- Don’t advertise the fact that you have a device in your possession
- Use PINs and passwords to protect devices from unauthorized access
- Adhere to policies and procedures relating to IT use, equipment maintenance and security
- Log out of the network and/or systems promptly when requested to do so

Physical security

When locating computers and other hardware, precautions are to be taken to guard against the environmental threats of fire, flood and excessive ambient temperature and humidity.

All employees should be aware of the need to challenge strangers on the organization’s premises.

Consideration must be given to the secure storage of paper documentation containing sensitive or confidential information, such as customer files.

Reporting a security incident

All suspected information security incidents must be reported promptly to the Information Security Manager via the Resolution IT. Provide the following information as a minimum:

- Name
- Department
- Contact Number
- Description of the incident
- Current and/or potential impact

Above all, think about what you are going to say and how will you explain your problem:

- Notify the Resolution IT of any actual or potential breach of security immediately.
- Record any information which may help. For example, error messages
- Adhere to procedures when logging an incident
- Remain courteous to the people dealing with the incident
- Request escalation if required by following the appropriate procedure

Printing confidential information

Confidential information should not be sent to an insecure, unattended printer where it may be seen or picked up by unauthorized people.

Where necessary, use PIN protection on multi-function devices.

Transferring data outside the organization

Where appropriate, sensitive or confidential information or data should always be transmitted in encrypted form.

Prior to sending information to third parties, not only must the intended recipient be authorized to receive such information, but the procedures and information security measures adopted by the third party must be seen to continue to assure the confidentiality and integrity of the information.

Never store confidential information in unauthorized cloud services.

If in doubt, contact the Resolution IT for advice.