Introduction and Scope
Zeetta Networks Ltd (Zeetta) cyber security policy outlines the guidelines and provisions for preserving the security of Zeetta’s data and technology infrastructure. This policy should be read in conjunction with our data protection policy and the employee handbook.
Everyone, from customers and partners to employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect Zeetta’s systems and databases. You can contribute to this by being vigilant and keeping cyber security top of mind.
Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardize Zeetta’s reputation.
For this reason, Zeetta has implemented security measures. Zeetta jas prepared instructions to limit and mitigate security risks. Zeetta outlines these provisions in this policy. This policy applies to all Zeetta’s employees, contractors, volunteers and anyone who has permanent or temporary access to our systems and hardware.
Confidential data is secret and valuable. All employees are obliged to protect this data.
Our policy documents are designed to give all employees, contractors and others accessing this information, instructions on how to avoid security breaches.
Protect Personal and Company Devices
The Employee Handbook includes specific advice on how to manage equipment, security and passwords, including the use of personal devices. This policy should be read in conjunction with the Employee Handbook.
Zeetta will ensure it has:
- Installed firewalls, anti-malware software and access authentication systems along with physical and digital shields to protect information;
- Arranged for security training for all employees;
- Informed and updated employees about new scam emails or viruses and ways to combat them;
- Investigated security breaches thoroughly;
- Followed the policy provisions as employees do.
Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, Zeetta instructs employees to
- Avoid opening attachments and clicking on links when the content is not adequately explained in the email text (e.g. “watch this video, it’s amazing”);
- Be suspicious of clickbait titles (e.g. offering prizes, advice);
- Check the email and names of people they received a message from to ensure they are legitimate;
- Look for inconsistencies or giveaways (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks).
Manage passwords properly
Password leaks are dangerous since they can compromise Zeetta’s entire infrastructure.
Passwords must be strong so they are secure and can not be easily hacked. Passwords for individuals must remain secret to that individual. For this reason, we advise you to
- Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays);
- Remember passwords instead of writing them down or use an accredited password storage solution (e.g. Bitwarden) and if employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done;
- Exchange credentials only when necessary and when exchanging them in person isn’t possible, employees should prefer the phone instead of email, and only if they recognize the person they are talking to;
- Change their passwords in line with Employee Handbook guidelines.
To reduce the likelihood of security breaches, Zeetta instructs you to
- Turn off screens and lock devices when leaving your equipment unattended e.g. leaving your desk;
- Report stolen or damaged equipment as soon as possible to HR;
- Change all, related, account passwords at once when a device is stolen;
- Report a perceived threat or possible security weakness in Zeetta systems;
- Refrain from downloading suspicious, unauthorized or illegal software onto Zeetta equipment.
Transferring data securely
Transferring data introduces a security risk. You must
- Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless necessary;
- Share confidential data over the company network/ system and not over public Wi-Fi or private connection;
- Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies;
- Report scams, privacy breaches and hacking attempts;
- Use document passwords when transferring any sensitive information e.g. personnel data.
Scams and Breaches
You need to know about scams, breaches and malware so you can protect our infrastructure.
For this reason, Zeetta needs you to report perceived attacks, suspicious emails or phishing attempts as soon as possible to HR. All incidents reported will be investigated promptly with appropriate resolution action taken. You may be asked to participate in the investigation to understand the incident detail.
Internet Usage and Social Media
You will find detailed guidance on the use of internet connections and social media included in the Employee Handbook.
You must not avoid accessing suspicious or unknown websites at all times.
Anything you post on any social media channel, internal or external to the company, must be in line with the confidentiality policy and the data protection policy.
Zeetta cautions you to avoid violating anti-harassment policies or posting something that might make your collaboration with colleagues more difficult.
Any content posted must not state or imply that your personal opinions and content are authorized or endorsed by Zeetta. Zeetta advises using a disclaimer such as “opinions are my own” when in doubt to avoid any misunderstanding.
This policy applies to all employees, including remote employees.
When accessing Zeetta accounts and systems from a distance, you are obliged to follow all data encryption, protection standards and settings, and ensure the network being used for access is secure.
Zeetta expects you to always follow this policy. Failure to follow this policy may result in security breaches and trigger disciplinary action.
ZN-011-01-020 Cyber Security Policy v2.0 – 30 Mar 2023