1. Introduction and Scope
Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. It should be read in conjunction with our data protection policy and the employee handbook.
Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.
Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardize our company’s reputation.
For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy. This policy applies to all our employees, contractors, volunteers and anyone who has permanent or temporary access to our systems and hardware. Confidential data is secret and valuable and all employees are obliged to protect this data. Our policy documents are designed to give all employees, contractors and others accessing this information, instructions on how to avoid security breaches.
2. Protect Personal and Company Devices
The Employment Handbook includes specific advice on how to manage equipment, security and passwords, including the use of personal devices. This policy should therefore be read in conjunction with the Employment Handbook.
The company will ensure it has:
- Installed firewalls, anti-malware software and access authentication systems. Physical and digital shields will be in place to protect information
- Arranged security training for all employees
- Informed employees regularly about new scam emails or viruses and ways to combat them
- Investigated security breaches thoroughly
- Followed this policy’s provisions as other employees do
Emails often host scams and malicious software (e.g. worms). To avoid virus infection or data theft, we instruct employees to:
- Avoid opening attachments and clicking on links when the content is not adequately explained (e.g. “watch this video, it’s amazing”)
- Be suspicious of clickbait titles (e.g. offering prizes, advice)
- Check email and names of people they received a message from to ensure they are legitimate
- Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks)
2.2 Manage passwords properly
Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advise our employees to:
- Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays)
- Remember passwords instead of writing them down. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done
- Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t possible, employees should prefer the phone instead of email, and only if they personally recognize the person they are talking to
- Change their passwords in line with employment handbook guidelines
To reduce the likelihood of security breaches, we also instruct our employees to:
- Turn off their screens and lock their devices when leaving their desks
- Report stolen or damaged equipment as soon as possible
- Change all account passwords at once when a device is stolen
- Report a perceived threat or possible security weakness in company systems
- Refrain from downloading suspicious, unauthorized or illegal software on their company equipment
3. Transfer data securely
Transferring data introduces a security risk. Employees must:
- Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary
- Share confidential data over the company network/system and not over public Wi-Fi or a private connection
- Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies
- Report scams, privacy breaches and hacking attempts
4. Scams and Breaches
All employees need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to the Head of Engineering or the CEO. All incidents reported must be investigated promptly with appropriate action taken.
5. Internet Usage and Social Media
Detailed guidance is included in the Employee Handbook.
Suspicious or unknown websites should be avoided at all times.
5.2 Social Media
Anything posted on social media must be in line with the confidentiality policy and the data protection policy at all times. We also caution employees to avoid violating anti-harassment policies or posting something that might make collaboration with their colleagues more difficult. Comments posted shouldn’t state or imply that an employee’s personal opinions and content are authorized or endorsed by the company. We advise using a disclaimer such as “opinions are my own” to avoid misunderstandings.
6. Remote employees
Remote employees and contractors must follow this policy’s instructions. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure.
7. Disciplinary Action
We expect all our employees to always follow this policy, and those who cause security breaches may face disciplinary action.
V1 published Mar 2020, Zeetta Networks Limited