Key security instructions

Everyone

1. Lock your screen while unattended
2. Don’t leave classified information unattended
3. Don’t share your passwords
4. Don’t write down your passwords
5. Beware of suspicious emails and attachments
6. Report suspicious behaviour immediately
7. Wear your badge at all times on premise
8. Identify unescorted strangers on premise
9. Do not use personal accounts (eg email, dropbox) for business
10. Report security incidents, concerns or vulnerabilities immediately
11. Do not store documents on your c drive
12. Protect company equipment offsite (laptops, mobiles, etc)
13. Use password protection on mobile phones
14. Report lost equipment immediately
15. Do not take equipment offsite without approval

Remote Workers

1. Use approved VPN client for remote access
2. Use anti-virus software on personal computers
3. Use a personal firewall
4. Use WPA2 for wireless access

Managers and Supervisors

1. Ensure your staff understand and adhere to security policies
2. Demonstrate support of information security policies and procedures
3. Document roles & responsibilities, processes and procedures
4. Provide incentive, training and time for continual improvement
5. Establish and monitor key performance metrics

System Administrators

1. Only use privileged access for authorized activities
2. Don’t use shared passwords
3. Consult with HR for any suspicious activity involving staff
4. Follow guidelines for collection of evidence