Finding The Hidden InfoSec Story

Don’t Talk to Strangers

I recently read Don’t Talk to Strangers to my son. In the story Christopher Robin leaves the 100 Acre Wood to go visit his grandmother all by himself. Piglet finds this a worry and asks him if he is scared. Christopher Robin says no because he has the Stay-Safe-Rules written by his mother to help protect him.

Of course at that point my security hat went on and I compared how those rules relate to the effort of creating a culture where colleagues are conscious of their responsibilities in protecting company data.

AA Milne wrote this story in the late 1920s and today those rules still hold true in many spheres of life. Looking through companies’ security policies, we see these rules reflected, and they have proved to be universal truths indeed.

Don’t talk to strangers

Avoid all confidential discussions with colleagues and/or stakeholders in public areas of buildings or offices. These areas may include receptions, restaurants/cafes, lifts and lift lobbies.

Remember that office buildings are often shared with other tenants. The public areas should therefore be considered to be no more secure than, for example, an external restaurant or train station.

Do not share confidential information with third-parties without appropriate prior approval from a senior manager.

When taking sensitive papers out of the office, keep them secure and out of view, and do not allow anyone at a conference or meeting to read your documents if they have no legitimate reason to do so.

Never open your door to a stranger

Display the company’s security passes at all times in the office and be aware of potential tailgaters when entering and leaving. If in doubt about someone’s identity, ask him/her to show a pass.

Escort visitors at all times, particularly back to reception.

Remove any sensitive documents in your possession from meeting rooms, copiers, printers and business centres as soon as the reason for them being there expires.

Never take a present from a stranger

Do not install third-party applications on company machines without consulting a security expert. Do not disclose password details. Do not access other colleagues’ files or emails without appropriate approval.

Act responsibly and reasonably in using company IT systems for personal purposes such as web browsing or email.

Author: Sean Pollonais
