This document outlines 7 rules for information security: 1) Always follow information security policies and respect privacy laws; 2) Handle information carefully and securely store and dispose of documents; 3) Keep passwords and PINs secret, change them regularly, and do not share them; 4) Verify identities when sharing information; 5) Use email and the internet carefully and do not open strange emails or attachments; 6) Pay attention to physical security of equipment and question strangers; 7) Report security incidents like viruses, thefts, or losses.

1. 1
Information SecurityInformation Security
Toolbox Talk
This document is made available on the condition that it is used solely to assist you in the preparation of your own safety training
material. Use for resale or similar commercial activity to third parties is strictly forbidden. This document was produced for our
internal use only, and therefore it may not be suitable or sufficient for your purposes. No guarantees whatsoever can be given as to
their legal compliance or comprehensiveness, and you are responsible for obtaining professional advice and verification as to the
correctness or suitability of any training or documents which you produce which are based wholly or in part on these. No liabilities
whatsoever are accepted. It has been made available purely for information to others who may find them useful when formulating
their own safety training and procedures.
© A. Groves & Océ (UK) Ltd

2. 2
Rule 1Rule 1
 Always keep to our Policies
 Keep to our information security policies.
 Obey the customer’s information security rules.
 Respect the law and privacy legislation.
 Use approved hardware and licensed software only.

3. 3
Rule 2Rule 2
 Handle information with care
 Keep your desk / work area clear.
 Keep confidential information
protected (under lock & key) during
breaks and when going home.
 Remove printed matter from printers,
copiers and faxes immediately
 Dispose of documents and
digital media securely

4. 4
Rule 3Rule 3
 Keep your passwords and PINs secret
 Use quality passwords and PINs, and change them
regularly
 Keep your password and PINs secure
and don’t share them with anyone.
 Use password-protected screensavers.
 Log off and switch the PC off before
going home.

5. 5
Rule 4Rule 4
 Know whom you’re dealing with
 Exercise caution in conversations and professional
interactions.
 Ensure that you know who you are communicating with on
the phone, the internet or via e-mail.
 Use your best professional judgement when getting or
giving information.
Not everything is true.

6. 6
Rule 5Rule 5
 Use e-mail and the Internet with care
 Use e-mail and the Internet primarily
for business purposes.
 Don’t open any strange e-mails or
attachments and be careful when
downloading information.
 Don’t send strictly confidential
information via e-mail unless it is encrypted.
 Don’t access, download, store and send illegal or offensive
materials.

7. 7
Rule 6Rule 6
 Pay attention to physical security and
mobile equipment
 Escort guests and make sure they
wear their visitor badges.
 Question strangers about their
presence in your department.
 Protect your mobile equipment with a
password or PIN and don’t leave it
unattended.
 Avoid the use of non-company equipment on the company
network.

8. 8
Rule 7Rule 7
 Report incidents like viruses, thefts and
losses.
 Report suspicious activity at your workstation / area
immediately.
 Report all security incidents like thefts, losses, etc. to your
manager and security co-ordinator.