Cyber Security Policy

1. Introduction and scope

Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. It should be read in conjunction with our data protection policy and the employment handbook.

Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.

Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardise our company's reputation.

For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy.

This policy applies to all our employees, contractors, volunteers and anyone who has permanent or temporary access to our systems and hardware.

Confidential data is secret and valuable, and all employees are obliged to protect this data. Our policy documents are designed to give all employees, contractors and others accessing this information instructions on how to avoid security breaches.

2. Protect personal and company devices

All employees are provided with specific advice and information on how to manage equipment, security and passwords, including the use of personal devices.

The company will ensure it has:

  • Installed firewalls, anti-malware software and access authentication systems. Physical and digital shields will be in place to protect information.

  • Arranged security training for all employees.

  • Informed employees regularly about new scam emails or viruses and ways to combat them.

  • Investigated security breaches thoroughly.

  • Followed this policy's provisions as other employees do.

2.1 Email

Emails often host scams and malicious software (e.g. worms). To avoid virus infection or data theft, we instruct employees to:

  • Avoid opening attachments and clicking on links when the content is not adequately explained.

  • Be suspicious of click-bait titles (e.g. offering prizes, advice).

  • Check the email addresses and names of the people they received a message from to ensure they are legitimate.

  • Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks).

2.2 Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won't be easily hacked, but they should also remain secret. For this reason, we advise our employees to:

  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays).

  • Remember passwords instead of writing them down. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done.

  • Exchange credentials only when absolutely necessary. When exchanging them in-person isn't possible, employees should prefer the phone instead of email, and only if they personally recognise the person they are talking to.

  • Change passwords regularly and in line with company guidelines.

2.3 Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:

  • Turn off their screens and lock their devices when leaving their desks.

  • Report stolen or damaged equipment as soon as possible.

  • Change all account passwords at once when a device is stolen.

  • Report a perceived threat or possible security weakness in company systems.

  • Refrain from downloading suspicious, unauthorised or illegal software on their company equipment.

3. Transfer data securely

Transferring data introduces security risk. Employees must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary, and only with senior management authorisation.

  • Share confidential data over the company network/system and not over public Wi-Fi or a private connection.

  • Ensure that the recipients of the data are properly authorised people or organisations and have adequate security policies.

  • Report scams, privacy breaches and hacking attempts.

4. Scams and breaches

All employees need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to the Managing Director. All incidents reported must be investigated promptly with appropriate action taken.

5. Internet usage and social media

Detailed guidance is provided by the company.

5.1 Internet usage

Suspicious or unknown websites should be avoided at all times.

5.2 Social media

Anything posted on social media must be in line with the confidentiality policy and the data protection policy at all times. We also caution employees to avoid violating anti-harassment policies or posting something that might make collaboration with their colleagues more difficult. Comments posted shouldn't state or imply that an employee's personal opinions and content are authorised or endorsed by the company. We advise using a disclaimer such as "opinions are my own" to avoid misunderstandings.

6. Remote employees

Remote employees and contractors must follow this policy's instructions. Since they will be accessing our company's information, accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure.

7. Disciplinary action

We expect all our employees and contractors to always follow this policy. Those who cause security breaches may face disciplinary action or termination of contract.