Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. It should be read in conjunction with our data protection policy and the employment handbook.
Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.
Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardise our company's reputation.
For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy.
This policy applies to all our employees, contractors, volunteers and anyone who has permanent or temporary access to our systems and hardware.
Confidential data is secret and valuable and all employees are obliged to protect this date. Our policy documents are designed to give all employees, contractors and others accessing this information, instructions on how to avoid security breaches.
All employees are provided specific advice and information on how to manage equipment, security and passwords, including the use of personal devices.
The company will ensure it has:
Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we instruct employees to:
Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won't be easily hacked, but they should also remain secret. For this reason, we advise our employees to:
To reduce the likelihood of security breaches, we also instruct our employees to:
Transferring data introduces security risk. Employees must:
All employees need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to the Managing Director. All incidents reported must be investigated promptly with appropriate action taken.
Detailed guidance is provided by the company.
Suspicious or unknown websites should be avoided at all times.
Anything posted on social media must be in line with the confidentiality policy and the data protection policy at all times. We also caution employees to avoid violating anti-harassment policies or posting something that might make your collaboration with your colleagues more difficult. Comments posted shouldn't state or imply that your personal opinions and content are authorised or endorsed by the company. We advise using a disclaimer such as "opinions are my own" to avoid misunderstandings.
Remote employees and contractors must follow this policy's instructions. Since they will be accessing our company's information, accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure.
We expect all our employees and contractors to always follow this policy and those who cause security breaches may face disciplinary action or termination of contract.
Compliance and risk are always a challenge. Ensuring a balance is maintained is more important and ever with overlapping regulatory regimes extending their reach across multiple sectors.