Each and every one of us is individually responsible for computer security. You may already be taking appropriate security measures without even realising it, but just to be sure, have a look at these top tips for computer security. Failure to follow these precautions could result in serious consequences for both the authority and you personally.

Workstation and screen

Set a strong password. Personal passwords are the first line of defence against attacks on your computer and the council's information systems.

If you are away from your desk for any period of time, lock your computer by pressing ctrl+alt+del and clicking on 'Lock Computer'. This will prevent anyone from accessing the system via your account. Remember, any unauthorised actions carried out on your account would be recorded as being made by you and could result in disciplinary or legal action.

Employ a 'Clear Screen' Policy

With open plan offices becoming more common, information can easily be read from computer screens. The risk can be reduced by closing any documents or systems containing sensitive information when they are not being worked on and by preventing visitors and unauthorised staff viewing information by angling monitors away from public areas or windows.

Emails

General emails are not secure; sensitive or confidential information should not be sent by email unless encrypted. When replying to or forwarding an email, ensure that the history does not include unnecessary confidential information or personal email addresses. Remember, your emails may have to be disclosed under the Freedom of Information Act, so confine yourself to professional, not personal, opinions.

There is more information and guidelines about sending work emails in the Email Policy document.

Incoming emails and externally produced documents can contain viruses and worms. Be especially cautious of emails which are obviously spam or of an adult nature. These should not be opened but deleted immediately. Do not click on links embedded within an email without first verifying that the URL is legitimate (this can be seen by hovering your cursor over the link and looking for the web address in the notes bottom bar).

If you receive a virus alert, don't panic! You can report it to the virus alert team.

Be aware of 'blagging' or 'social engineering'

Both these terms refer to the art of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term applies to unlawful information gathering or computer system access. If you are unsure whether a telephone call, email or visitor is genuine, do not divulge any information until you are sure the recipient is authorised to have that information.

Recognise how to spot 'phishing' attempts

Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy company or organisation in an electronic communication. Communications claiming to be from commercial companies such as banks, PayPal, or eBay are commonly used to lure the unsuspecting, often directing users to input their information onto a fake website. Banks and online companies do not send emails asking their customers to reveal personal information or security details. Ignore and delete any such messages. You should also be aware of other public sector bodies, partnership agencies or charities asking for similar information.

Browse the internet securely

Be wary of any website that isn't known to you. Things to look out for include predominantly black or very dark coloured web sites, text styles that don't seem right, information that seems to serve no particular purpose or that doesn't tie in with the purpose of the site. If you feel at all uneasy about a web site, leave it immediately by clicking the Back button on your web browser or by closing your web browser. Avoid any pop-ups that appear. Programs should not be downloaded without authorisation from IT Services.

What happens if I get it wrong?

If you follow this advice, you are unlikely to get it wrong. Always seek advice from your Line Manager or the Data Protection Officer if you are in doubt.

If you knowingly or recklessly fail to follow the council's guidance and policies, this may result in disciplinary action.

The council as the data controller and you as an individual could also be prosecuted or sued for compensation.
