Protecting Information

1
Protecting Information
2
(No Transcript)
3
Information is vital to what we do

• When used effectively it can
• help our organization run smoothly.
• help achieve our aims and objectives.
• be instrumental in improving the quality and
  success of our training, recruitment,
  administration and above all the cadet
  experience.

4

• Staff and volunteers need ready access to
  information but must be aware of the need to
  protect that information, and of the damage that
  can be caused if it is lost or stolen.

5
Dont let data loss be your fault

• The secure and effective handling of information
  is critical to the safe conduct of all Sea Cadet
  activities and to the safeguarding of all our
  cadets and adult volunteers

6
What happens when information is not properly
protected?

• Recent losses of information in Government
  departments have given this issue a very high
  profile and have had an impact on all of us.
• The losses highlighted the importance of
  protecting ourselves and our organisation against
  negligent loss.
• In the MOD and in other organisations, tough
  disciplinary action is being introduced.

7
What is Information?
8
What is Information?

• There are many types of information.
• Name, address, date of birth, passport number.
• Personal data such as medical records, religious
  beliefs, trades union membership, etc.
• Personal information about young people in our
  care.
• Weapon holdings, movements etc.

9
What is Information?

• It can appear in many forms
• Paper documents
• Data on PCs, mobile phones, iPhones, etc.
• CDs, DVDs, USB sticks, etc.
• CCTV footage.
• Photographs.
• Conversations

10
Some information is marked to show how sensitive
it is

• The MOD uses a protective marking system to help
  protect the information we handle. These markings
  signal the value and sensitivity of information
  and the level of protection it needs
• PROTECT RESTRICTED
  CONFIDENTIAL
• SECRET TOP SECRET
• If you work in an area where protective markings
  are used, speak to your line manager or service
  commander for more advice.
• Most likely your access to information will be
  limited to that contained on Westminster. That
  will fall into the PROTECT category.
• Some information which refers to weapon holdings
  or movements may be RESTRICTED or higher.

11
Why do WE need to protect information?
12
Why do WE need to protect information?

• Information can be exploited by
• At best - those who wish to damage our
  reputation.
• At worst criminals and paedophiles
• Protecting our information is vital. If it falls
  into the wrong hands it could have severe
  consequences.

13
It could happen to you
14
It could happen to you

• What might happen if this information goes
  missing or falls into the wrong hands? You might
  not get paid on time. Even worse, you might
  have your identity stolen.

Always protect other people's information as if
it were your own.
15
What happens when things go wrong?
I sent the records to another office to meet a
deadline. They got lost in the post and it was
all over the news, there was an investigation and
my boss lost his job. I felt awful. I'm now off
work with stress... all because I posted a few
papers.
Three months ago I got a letter to say they had
lost some of my personal information, and that I
had to be alert. But it made me so angry. I
always shred every bit of my own paperwork, and
here they are losing stuff on my behalf! I feel
so let down.
We issued a formal apology to those involved but
we can't undo the damage that has been done.
Weve potentially compromised the security of
some of our staff and have taken measures to
rectify this. But our reputation has suffered
people will find this hard to forget.
16
What happens when things go wrong?

• If you are responsible for an information
  security incident, then you could face
• Physical and/or psychological harm
• Disciplinary action
• More work to recover the situation.
• The Sea Cadets could suffer
• Damage to reputation through the media
• Financial implications
• Cessation or reduction in activities
• For your colleagues or your cadets it could lead
  to
• Physical and/or psychological harm
• Financial loss or identity theft
• A breach of their Human Rights.

17
Remember

• Information is useful to us.
• Information can also be a liability.
• You need to look after it carefully.
• The consequences of losing information are
  severe.
• Protect information as if it were your own

18
Wherever you are.

• Where you work depends on what you are doing.
• Whoever you are, you need to be aware of
  information security.
• Wherever you are, you have a responsibility to
  protect information.

19
Avoiding the hazards

• The measures used to protect information can be
  broken down into three areas
• Cultural
• Physical
• Technical

20
Scenario

• After a regatta, you come across a cadet address
  list lying around. Its getting late and you are
  anxious to get home.
• What do you do?
• Nothing, its nothing to do with me?
• Take it to your CO?
• Take it home until tomorrow I dont want to
  leave something like that lying around for anyone
  to find?

21
Physical security
Challenge people you dont recognise, or those
without a pass.
22
If in doubt
Check them out!
23

• Sensitive information should only be accessed by
  authorised users. Lock all sensitive material
  away.
• Do not leave sensitive material lying around.
• Keep your identity card with you at all times.
• Always challenge the presence of strangers.
• Remain vigilant.

24
Out and about

• Technology is constantly changing the way we
  work.
• Almost everyone has a mobile phone or other
  device capable of storing information.
• You have to consider the possible consequences of
  carrying sensitive information.
• There is always a risk of it being seen by people
  who have no right to see it or of it being lost
  or stolen.
• If information falls into the wrong hands it can
  do untold damage.

25
Precautions

• You may come into contact with, be asked to look
  after, or transport sensitive or personal
  information or equipment for which you will have
  responsibility.
• Only carry sensitive or personal information when
  you need to.
• Only carry sensitive or personal information if
  you know it is adequately protected.
• Do not advertise the fact that you are carrying
  sensitive or personal information.
• Plan ahead and remain alert to the risks.
• Keep your passwords to yourself dont write
  them down and dont carry them with you!

26
Scenario

• John has joined some friends in the pub after
  parade night.
• Hes talking about his cadets
• He doesnt realise that others are listening.
• He has left his phone on the table.
• It contains cadet phone numbers and addresses.

27
Things to remember

• Before you leave
• Check you have authority, only carry the minimum
  information you need and check that it is secure.
• What are you taking?
• All personal and sensitive information needs to
  be protected and should be secure and kept with
  you at all times.
• While you are out
• Assess the risks of being in a public place
  (external work sites all present different
  risks).

28
Summary

• When taking personal and/or sensitive information
  out and about consider
• The risk of the information being stolen or
  misplaced
• The risk of personal information being viewed by
  members of the public
• Ensure
• You are only taking information that you really
  need and that you are authorized to carry it.
• You keep the information with you at all times or
  store it securely.
• When in a public place with personal and/or
  sensitive information
• Stay vigilant.
• Double-check before going from one place to
  another that you havent left anything behind.
• Report anything missing to your commanding
  officer or line manger as soon as possible.

29
Sharing and sending information

• Make sure you safeguard personal information from
  strangers, and protect yourselves by being
  vigilant.
• Be aware that photographs may be sensitive and
  personal.
• Telephone calls can also give away information
  that can jeopardise safety.

30
Social networking sites

• Be very careful about the information you share
  online.
• Maintain security of colleagues, cadets and their
  families dont post information about them
  without their permission.
• Never publish personal data, such as bank account
  details and home addresses.
• Dont post pictures of others without their
  permission.
• Seek authorisation before publishing Sea Cadet
  information.
• If in doubt........dont!

31

• Be wary of the dangers associated with social
  networking sites.
• Your own reputation may be at risk, along with
  that of your family, friends and the Sea Cadets.
• Once the material is out there it is often
  impossible to remove it.
• Be sensible, do not publish anything you might
  later regret.
• This can apply to mobile phones and texting, too.

32
Our Responsibilities

• We all have different roles, but we have a shared
  responsibility to protect information.
• If you dont meet your responsibilities others
  could suffer and you could be disciplined.
• Lead by example.

33
What happens if it goes wrong?

• Our reputation is damaged.
• The risk of identity theft increases.
• The safeguarding of cadets is compromised.
• Disciplinary action may follow.
• You may have broken the law.

34

• Information is important and must be protected.
• Information is valuable. It helps our
  organisation to run smoothly and achieve its aims
  and objectives.
• Protect our information as if it were your own.
• Act responsibly and set an example.

35

• Remember that you are responsible for protecting
  the information and equipment you work with or
  come across.
• Go to your line manager or commanding officer
  for more advice.

36

• Dont let data loss beYOURfault.