Security Measures for Management Assistants in the Workplace
Learn about essential security practices for management assistants in the office, including handling confidential information, managing money securely, and safeguarding sensitive documents during temporary absences. Follow guidelines to protect information integrity, prevent theft, and ensure data security in the workplace.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
OFFICE PRACTICE N5 MALUTI TVET BETHLEHEM J CASTELYN
ACCESS CONTROL, SECURITY AND SAFETY SECURITY CONCERNING THE MANAGEMENT ASSISTANT S WORKSATION
5. SECURITY CONCERNING THE MANAGEMENT ASSISTANT S WORKSATION 5.1 DEALING WITH CONFIDENTIAL INFORMATION AND THE HANDLING OF MONEY 5.2 TEMPORARY ABSENCE FROM THE WORKSTATION AND SENSITIVE INFORMATION AND DOCUMNETS 5.3 DESIGNATED PERSONNEL DEAL WITH SENSITIVE INFORMATION 5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS
5.1 DEALING WITH CONFIDENTIAL INFORMATION AND THE HANDLING OF MONEY: HANDLING CONFIDENTIAL INFORMATION: don t let original doc or printouts lie around, lock them in their folders shred documents not in use. Only recycle shredded documents instead of originals printouts, even if they are faulty or outdated. Manage keys and don t leave it at the workstation. Only you and the senior should have keys and a spare key be kept off-site in another secure location. Separate confidential documents from other business documents. Follow company procedures about accessing confidential information. Keep a log of people having access to information in locked cabinets, listing their names, time and reason for access. Place documents face down on work surface print entire doc at end and not in stages don t send doc to photocopier unless doc are to be released using a password Don t leave originals in the copier.
5.1 DEALING WITH CONFIDENTIAL INFORMATION AND THE HANDLING OF MONEY: DEALING WITH MONEY: don t use money in the open/ in front of people, behind doors not handle alone, another to help count and co-sign not keep large amount of cash, deposit daily and on different times. Keep tight control of keys to the safe, cash box or drawer. Don t let it out of your sight or trust anyone with it. If money entrusted to you get lost or stolen, you are accountable. Don t leave money in the office overnight because it can get stolen. Don t stay at work after hours with money still in the office as this may increase the risk of an armed robbery. not use transparent cash boxes to transport or store have unobtrusive security support when deposit large amount of money install alarm where handle money Signed, dated and attached to petty cash voucher
5.2 TEMPORARY ABSENCE FROM THE WORKSTATION AND SENSITIVE INFORMATION AND DOCUMNETS DEFINITION: A temporary absence from the workstation refers to an absence ranging from a few hours to a day.
5.2 TEMPORARY ABSENCE FROM THE WORKSTATION AND SENSITIVE INFORMATION AND DOCUMNETS BASIC PRINCIPLES / GUIDELINES TO SAFEGUARD SENSTIVE INFORMATION WHEN TEMPORARY ABSENT FROM WORKSTATION: Hard copies to be filed daily and locked away in file cabinets. Storage devices be locked away or put away out of sight when not in use. Keys for cabinets and offices be put in a safe place. Lock drawers and cabinets and keys stowed safely. Sensitive documents should be kept in a filing cabinet or vault. Passwords must be used to gain access to computers. Do not use familiar names or the same password for more than one computer. Back-up copies of documents must be made in case of power failure/surges. Surge-suppressors act as an additional protection against electricity surges. Anti-virus programmes and firewalls must be installed on all computers to prevent illegal access by hackers. Anti-theft devices that protect hard-drives, laptops or notebooks are a good investment. A list of people involved with sensitive documentation and its routing must be compiled. A confidentiality clause about the no-disclosure of confidential information must be signed by staff members.
5.2 TEMPORARY ABSENCE FROM THE WORKSTATION AND SENSITIVE INFORMATION AND DOCUMNETS SAFEGUARDING INFORMATION ON THE COMPUTER: Never send sensitive, confidential or private information such as identity numbers or bank details or database via e-mail. If such information must be sent over the internet, first ensure the receiving site is secure. When receiving e-mail from unknown source with a suspicious link, do not open the link or sent information to the site. Do not use identifiable passwords/usernames when participating in chat groups on the internet. Ensure firewalls and anti-virus programmes are regularly updated. Employee own dedicated computer IT personnel to do repairs not he business computers than to make use of the services of private companies.
5.3 DESIGNATED PERSONNEL DEAL WITH SENSITIVE INFORMATION STAFF ALLOWED TO HANDLE CERTAIN DOCUMENTS HAVING ACCESS TO SPECIFIC INFORMATION: FINANCE DEPARTMENT STAFF: Work with financial sources, source documents, allocation of monies, transfer of money and ledgers. HUMAN RESOURCES STAFF: deal with employment contracts, staff training records, staff absence, disciplinary hearings. RESEARCH AND DEVELOPMENT STAFF: developing new formulas/products and patents. ADMINISTRATIVE STAFF: keep files safe, regularly file and follow specific process when accessing files especially using centralised filing. CLASSIFY documents/ information according to sensitivity, importance and staff allowed access with written permission. Only certain staff allowed access to certain documents and have access to certain information. Guidelines regarding documents and information electronically / physically must be clear to all staff working with it.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS Use lockable filing cabinets/storerooms for document safekeeping and a vault for money. Use firewalls. Use password protection. All office doors should be locked. Encrypt document files so that even if a business computer gets stolen, the user will need a password or key to unscramble the information. Filing cabinets must be durable and secure. Determine persons having access to which areas after hours and ensure only they have access. Only certain people should know where, how and when specific documents, electronic data and money are stored and which storage equipment are used.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS Storage facilities and equipment must be fireproof. Access to photocopiers should be prohibited after hours as safety precaution. Remove all previous employees access from the company system. Assign file permissions to restrict who can view or change a document. Implement information rights in documents to limit the amount of printout that can be made of the file, the timeframe in which the file can be opened or forwarded to unauthorised recipients. Update the security system to try to prevent theft once the office is broken into CCTV/ guards/ armed response etc.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS (electronic data) PHISHING: An illegal attempt to steal another person s personal details or identity. A scam whereby an e-mail, seeming to have originated from a credible organisation. Contains official looking correspondence and asks the recipient to supply personal information, such as identity number, address, telephone number or pin number The name derives from fishing the e-mail is cast as bait, waiting for an inexperienced person to bite. No bank/credit card company will ever send and e-mail to a client to ask for personal updates on a e-mail or via the internet.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS SPOOFING: Unauthorised access by intruders to a computer by means of a message that seems to be from a trusted site/host. E-mail appear to be sent from a trusted company, but its not. Messages are sent by spammers, in the hope people will open the message and respond. Sometimes products/services are offered. The aim is not to sell anything, but to get the recipient s personal details when they respond to the e-mail.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS HACKING: Are computer programmes written in order to break into a computer or network system. It is illegal. The aim is to destroy information whilst at the same time gaining something in the process. Done through the internet and transform information, such as credit card information. Are able to withdraw money from that account by transferring it to their own account. Can get access to crucial company information and then attempt to blackmail the company in exchange for their silence. Hackers have destructive mindsets, but enjoy media coverage because of damage they have caused.
5.4 SAFE-KEEPING OF SENSITIVE DOCUMENTS, ELECTRONIC DATA AND MONEY AFTER HOURS FIREWALLS: Filter all information from the internet to your private or company network. Users set parameters/rules, for the firewall. Messages/websites that fall outside the set parameters for the specific firewall will be allowed to open on the computer or network your computer is connected with. Regarded as the first line of defence in the protection of private information. Protects the computer from intrusion by hackers or viruses. WATERMARKS: Used on documents which are sensitive is another way to protect their use. Documents can be watermarked using a special machine. The watermark is not visible to the naked eye, but can be seen with a sophisticated reader or when the document is printed, photocopied or scanned.