Cybersecurity Policy

Zeetta Networks Corporate Policy

1.Introduction and Scope

Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. It should be read in conjunction with our data protection policy and the employment handbook.

Everyone, from our customers and partners to our employees and contractors, should feel that their data
is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all
contribute to this by being vigilant and keeping cyber security top of mind.
Human errors, hacker attacks and system malfunctions could cause great financial damage and may
jeopardise our company’s reputation.

For this reason, we have implemented a number of security measures. We have also prepared
instructions that may help mitigate security risks. We have outlined both provisions in this policy.
This policy applies to all our employees, contractors, volunteers and anyone who has permanent or
temporary access to our systems and hardware.

Confidential date is secret and valuable and all employees are obliged to protect this date. Our policy
documents are designed to give all employees, contractors and others accessing this information,
instructions on how to avoid security breaches.

2. Protect Personal and Company Devices

The Employment Handbook includes specific advise on how to manage equipment, security and
passwords, including the use of personal devices. This policy should therefore be read in conjunction
with the Employment Handbook.

The company will ensure it has:
● Installed firewalls, anti malware software and access authentication systems. Physical and
Digital shields will be in place to protect information.
● Arranged for security training to all employees.
● Informed employees regularly about new scam emails or viruses and ways to combat them.
● Investigated security breaches thoroughly.
● Followed this policies provisions as other employees do.

2.1Email

Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we
instruct employees to:
● Avoid opening attachments and clicking on links when the content is not adequately explained
(e.g. “watch this video, it’s amazing.”)
● Be suspicious of clickbait titles (e.g. offering prizes, advice.)
● Check email and names of people they received a message from to ensure they are legitimate.
● Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive
number of exclamation marks.)

2.2 Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should
passwords be secure so they won’t be easily hacked, but they should also remain secret. For this
reason, we advice our employees to:
● Choose passwords with at least eight characters (including capital and lower-case letters,
numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays.)
● Remember passwords instead of writing them down. If employees need to write their passwords,
they are obliged to keep the paper or digital document confidential and destroy it when their work
is done.
● Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t
possible, employees should prefer the phone instead of email, and only if they personally
recognise the person they are talking to.
● Change their passwords in line with employment handbook guidelines.

2.3.Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:
● Turn off their screens and lock their devices when leaving their desks.
● Report stolen or damaged equipment as soon as possible to HR.
● Change all account passwords at once when a device is stolen.
● Report a perceived threat or possible security weakness in company systems.
● Refrain from downloading suspicious, unauthorised or illegal software on their company
equipment.

3.Transfer data securely

Transferring data introduces security risk. Employees must:
● Avoid transferring sensitive data (e.g. customer information, employee records) to other devices
or accounts unless absolutely necessary.
● Share confidential data over the company network/ system and not over public Wi-Fi or private
connection.
● Ensure that the recipients of the data are properly authorised people or organisations and have
adequate security policies.
● Report scams, privacy breaches and hacking attempts.

4. Scams and Breaches.

All employees need to know about scams, breaches and malware so they can better protect our
infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails
or phishing attempts as soon as possible to the Head of Engineering or the CEO. All incidents reported
must be investigated promptly with appropriate action taken.

5. Internet Usage and Social Media

Detailed guidance is included in the Employment Handbook.

5.1Internet Usage

Suspicious or unknown websites should be avoided at all times.

5.2 Social Media

Anything posted on social media must be in line with the confidentiality policy and the data protection
policy at all times. We also caution employees to avoid violating anti-harassment policies or posting
something that might make your collaboration with your colleagues more difficult. Comments posted
shouldn’t state or imply that your personal opinions and content are authorised or endorsed by the
company. We advise using a disclaimer such as “opinions are my own” to avoid misunderstandings.

6. Remote employees

Remote employees and contractors must follow this policy’s instructions. Since they will be accessing
our company’s accounts and systems from a distance, they are obliged to follow all data encryption,
protection standards and settings, and ensure their private network is secure.

7. Disciplinary Action

We expect all our employees to always follow this policy and those who cause security breaches may
face disciplinary action.