18 November 2019
myroyalmail is updated daily

Store information securely

Prevent a breach - keep your data out of reach!

Think Secure

Everyone at Royal Mail has a role to play in protecting our well-earned reputation as the best and most trusted. Make us proud and stand out from the crowd, by keeping Royal Mail (and yourself) at reach from a data breach.

These are our top three tips to store information securely:

  • Store information securely in a restricted access location
  • Set up access permissions and protocols correctly for only those that need it
  • Regularly review access to your sites, folders and files for appropriateness.

In your day to day role, you may have information that you need to store for future reference or there may be a legal or business reason that you have to retain it. However, if you do not manage your information or store it securely, it could be easily lost, or even worse, stolen. Check the protective mark (Public, Internal, Confidential, Strictly Confidential), understand the retention requirements (by reading our Corporate Retention Schedule), and select an appropriate storage location and/or solution. 

Still a bit unsure what to do? Not to worry, this guide will explain how to securely store such information.

Where can I safely store information?

Only store work related information on approved Royal Mail devices and technologies like your work laptop, shared file drive, RMG mobile deviceorapproved USB stick(or other removable media). Internal, restricted access SharePoint sites are also a great option to keep your information stored securely. It is our designated document repository which allows us to securely store and share files internally, and collaborate on documents together at any given time. It is restricted to the RMG network, so your information is protected from loss or theft.

Familiarise yourself with our useful tips for storing information securely in SharePoint.

We are here to help. Think Secure have created a step-by-step guide on how to store information on SharePoint securely, check it out here.

Remember:

  • Unapproved technologies such as Dropbox or Gmail must not be used to share or store any RMG information. They are not adequately protected and regularly targeted by hackers, and are therefore strictly prohibited. Don’t take the risk and avoid becoming an easy target.

Let’s take a closer look at storing information securely on your laptop.

Remember:

  • You should only be storing this information if there is a legitimate legal or businessneed to
  • When storing information on your Royal Mail device, you should store it in your ‘My Documents’ folder. This folder is synchronised to our central storage which means you can access this information from another RMG laptop if you log in with your Royal Mail credentials when connected to the RMG network. It also means that the information stored on your laptop can be recovered if your laptop is lost or stolen – clever right? This may not be the case if you store information on your desktop.

How can I restrict access to my information to only the people that need it?

Even when you store information in the right place, it’s essential that you set access permissions so only authorised colleagues can see it. Time and time again, organisations, just like us, fall victim to data breaches when our information is not securely stored, e.g. Greater Manchester Police were fined £150,000 after a USB stick containing data on police operations was stolen from an officer’s home (click here to find out more). As you can see when unauthorised individuals get their hands on our information, the consequences are often disastrous in terms of money lost, reputational damage and substantial fines. If you are storing information you should consider asking yourself the following questions:

  • What security classification is this piece of information?
  • Should my whole team be able to see it?
  • Who has a genuine need to know?
  • What measures can I put in place to protect it?

What should I do about the information stored in my inbox?

Your inbox stores a lot of information due to the volume of emails that you send and receive every day and may contain commercially sensitive or personal data of colleagues and/or customers.

You are encouraged to delete information you no longer need from your inbox, though there will be certain things that you have to keep as part of ongoing work and or for retention requirements. The following tips will help you understand what to keep and how best to organise the emails in your inbox:

  • Emails and attachments that record business transactions or decisions should be retained as records either in Outlook or as part of your work files or project records (e.g. on SharePoint or a secure network drive)
  • When setting up sub folders in Outlook name them in the same way that you name and structure your team folders in SharePoint or on a network drive
  • Ensure that the subject header is meaningful before filing an email. You can change the subject of emails you receive to make them easier to identify.

What about paper documents?

It’s not just digital information we need to store safely, we also need to protect physical information such as paper documents.

You can use designated cabinets or your work locker to store physical documents you need to keep hold of (it’s not just for gym gear!). Lock it away in a restricted access cabinet or locker, and keep the key or pin safe and secure! If you have a need to retain physical documents and do not have the space, contact the archiving team. Click here to find more guidance on how to store paper documents.

How does this relate to the Clear Desk and Clear Screen Policy?

This policy is about making sure that your information and equipment (that’s digital and physical information) is protected from unauthorised accessed, or theft while you are away from your desk. This policy applies when working at home and on the move too.

Top tip - Before leaving the scene, clear your desk and your screen.

Other useful tips for keeping your information you store secure:

To access our full ‘How To’ guide for storing information securely, click here.

For further information on how to protect information, visit www.myroyalmail.com/ThinkSecure.