Information security is everyone’s responsibility, and it requires a proactive approach to recognising and reporting lost, stolen and at-risk information. We need to stay vigilant for risks and incidents, and making the right people aware of them immediately. The faster you report, the faster Royal Mail Group can respond – working quickly to protect your work, the work of colleagues, our customer information, and our business.

For reporting purposes, we primarily consider information incidents and risks in three categories as follows.

IT-related risks and incidents

These relate to threats to electronic information, our software applications, electronic files, and the performance of our IT equipment. Look for: · Have you clicked or opened a suspicious link or attachment? This could be part of a phishing attack! · Suspicious websites and advertisements. These might contain viruses and malware that infect your computer or mobile device.

• Unusual computer or mobile device behaviour. This could indicate that your laptop or mobile device is already infected with a virus and malware. · Unauthorised access to information, particularly information classified confidential or strictly confidential.
• Inappropriate use of our IT network. For example, if you see someone viewing or downloading inappropriate files. · Suspicious emails, instant messages and texts. These might be phishing for your username and password.
• Received an unwanted email 

Report IT risks and incidents

If you identified a suspicious or phishing email and you want to report it, please send it to spam.awareness@royalmail.com. Report IT-related information issues to the RMG IT Service Desk. Or if you have clicked on a suspicious link or opened a suspicious attachment please report it to the RMG IT Self Service Centre or call 01246 282555. 

Physical risks and incidents

Physical risks and threats relate to our offices and physical IT equipment. Look for:

• Lost, stolen or unattended IT equipment or information.
• Unescorted strangers in the office that aren’t wearing an ID card or visitor badge.
• People who try to read your laptop, mobile device or printed documents over your shoulder (‘shoulder surfers’).
• People who try to trick you into revealing information face to face or on a telephone call.

Also watch out for “shoulder surfers”, people who try to read your laptop, mobile device or printed documents over your shoulder.

Report Physical risks and incidents Report physical information issues to Group Security. Call Post line 5474 6655 or email securityhelpdesk@royalmail.com

Personal information risk and incidents

Personal information refers to any data that can identify a person such as a customer or employee. This must be protected by law. If Royal Mail Group was to lose personal information we would be fined. If we lose customer payment information then the damage could be even more extensive.

You can report lost, stolen or at risk personal information to the Information Rights team.

Report Information risks and incidents Report issues relating to personal information to the Information Rights Team. Call 0114 241 4217 or email information.rights@royalmail.com

There are other risks and incidents that can be reported in Royal Mail. Some risks may not only by IT, physical or about personal information. Some risk will be an information security risks of non-personal information being at risk due to physical or IT controls. Other risks may be a colleague doing something that is against policy or your manager has asked for your login details so they can use a system you have access to, you can also report this as a risk of not wrong doing. Both of these risks can be reported

All information security incidents and risks Simply email RMG.information.security@royalmail.com for advice.

Report wrongdoing

If you witness wrongdoing, misconduct, illegal or unethical behaviour, then you should report it to your manager in the first instance. If you feel uncomfortable doing so, you can also use our independent Speak up service. Speak up can also be used to report fraud, bribery, corruption and financial malpractice. That allows you to report these kinds of incidents and risks anonymously.

Want to get in touch?

We’re always available to answer your questions or address your concerns about information security at Royal Mail Group. Simply contact Think Secure