Looking after our information became a hot topic last week in Carnival House. Many of you took part in the interactive Atrium challenges to kick off our Ship to Shore, Always Secure campaign.
All six challenges focused on information security risks to Carnival UK – risks that if not handled in the right way, could cause harm to our Guests and our business. As promised, we’re sharing the answers so you can see how you got on and where you can improve.
Data Privacy: A Matter of Principle
This challenge was about handling Guest and company data in the right way. There are nine data privacy principles, but we focused on five. With GDPR, we’re more bound by these than ever.
Click on picture below to open, then click on the enlarge icon (cross, top right hand corner) to see full size.
Information Management: Fully Classified
This game involved sorting documents into their correct classification:
- Highly Sensitive: Things that can only be seen by the Executive Leadership Team.
- Confidential: Is the next level down, and includes all confidential Guest information.
- Internal: For use inside Carnival UK only
- Public: For all to view – internally and externally.
Have a look and see how you did, answers below…
Highly Sensitive – for Executive Leadership Team eyes only
- Strategic plans to increase P&O Cruises fleet – only for discussion at the Executive Leadership Team level
- Minutes from Executive meeting – the direct minutes from an Executive meeting
Confidential – for specific groups working on the project
- Guest email – not for consumption by everyone at Carnival UK
- Security review – restricted to the team working on the proposal
- Payslip – confidential to HR and the person in question
- Guest passport – not for consumption by everyone at Carnival UK
Internal – for anyone at Carnival
- Email – anyone at Carnival UK can see this
- NDA (Non disclosure agreement) – standard NDA from Carnival UK – anyone at Carnival UK can see it
Public – no restrictions
- Annual report – already in the public domain
- Job description – designed for public consumption
Phishing: Catch of the Day
How many phish did you catch? Did any catch you out?! The tell-tale signs are usually faked email addresses, ‘urgent’ requests often from someone you weren’t expecting, spelling mistakes and asking for personal information. Have a look and see how you got on…
Here are the 5 phishing emails, or ‘phish’, below: Click on picture below to open, then click on the enlarge icon (cross, top right hand corner) to see full size.
- NatWest – Urgent message, with spelling mistakes. A Bank would never contact you like this
- LinkedIn – Dodgy looking link to click
- Charity donation – Unofficial address with dubious looking link.
- Luckyme – Sense of urgency in the request. Unofficial looking signature
- Lost your records – Spelling mistakes throughout: Carnival UK spelled incorrectly as ‘Carnivale’
The other emails might have had one or two things that looked strange – you shouldn’t really have Netflix emailing you at work, but there was nothing to suggest they were bogus.
Remote working: Keep it Confidential
How many slip-ups did you spot during Terri’s phone conversation with Dan on the train? When we’re working remotely, the key things are being aware who’s around us, not talking about confidential issues out loud, keeping an eye on our belongings and not leaving things unattended. Oh and never sharing passwords!
The potential risks were:
- repeating the Guest list out loud
- writing Guest information on a post-it
- Leaving her computer unattended
- Sending data to her personal email address
- Texting/sharing a password
Social Media: Over and Above Board
Presented with 10 fake posts by Carnival UK employees on their own Facebook, Twitter and Instagram accounts, you had to decide whether they were ok (Above board) or not ok (Overboard) when considering Carnival UK. Basically, anything that might compromise Carnival UK’s reputation is a no-go. You can give your own opinion on your own sites, but think hard about whether that would reflect badly on our business. It’s very likely people will know who you work for, after all.
Click on picture below to open, then click on the enlarge icon (cross, top right hand corner) to see full size.
Above board
- Sunday lunch – positive photograph about Carnival UK. Fine to share
- Kicking off in Southampton – doesn’t damage the company reputation, though not great for Southampton
- Arriving in Palma – positive photograph about Carnival UK. Fine to share
- Jeremy Corbyn – this is personal opinion, and doesn’t reflect Carnival UK
- Red nose day – positive photograph about Carnival UK. Fine to share
Overboard
- Overpriced cruises – critical of Carnival UK publicly, when employed to work for us
- Ship design – this is confidential Intellectual Property not ok to share
- Day one at Carnival – confidential information in the background
- Cunard really is #1 – inadvertently critical of P&O Cruises
- Queen Mary in Barbados – never ok to post photographs of Guests
Workspaces: Spot the Breach
This was the desk installation, covered in possible information security breaches. It’s important when we’re in our own workspaces to be mindful of what we leave lying around – confidential information might be seen by third parties contractors, or other employees, who don’t have the right level of access.
The breaches were:
- Computer left on, and unlocked
- CV torn in half in the bin
- Security pass
- Personal review sheet, including salary
- Photocopy of an employee’s driving license
Prize draw
Did you enter your completed card into the prize draw?
Many congratulations to the 10 winners, listed below!
Please email: Naomi.clarke@Carnivalukgroup.com to arrange to collect your prize.
- Ben Roe – Echo Dot
- Karen Mcleod – Echo Dot
- Dan Mackie – Fire TV Stick
- Nonny Jarvis – Fire TV Stick
- Hannah Underwood – Mini WiFi Speaker
- Matt Owen – Mini WiFi Speaker
- Jackie Ball – TWS earphones
- Zosia Jakes – TWS earphones
- Mike Winterbottom – Fitness Tracker
- Rachel Gallimore – Fitness Tracker
Thank you to everyone who got involved in the event – from challenge-players to all facilitators who ran the stands. We couldn’t have done it without any of you!