This cyber security policy is for our employees, vendors and partners to refer to when they need advice and guidelines related to cyber law and cyber crime. With this policy, we aim to protect [company name]’s data and technology infrastructure.
This policy applies to all of [company name]’s employees, contractors, volunteers, vendors and anyone else who may have any type of access to [company name]’s systems, software and hardware.
Examples of Confidential Data
Some of the common examples of confidential data include:
- Classified financial information
- Customer data
- Data about partners
- Data about vendors
- Patents, formulas or new technologies
Device Security - Using Personal Devices
Logging in to any of the company’s accounts from personal devices such as mobile phones, tablets or laptops can put our company’s data at risk. [company name] does not recommend accessing any company data from personal devices. If doing so is unavoidable, employees are obligated to keep their devices in a safe place, not exposed to anyone else.
We recommend that employees follow these best practices:
- Keep all electronic devices’ passwords secured and protected
- Log in to company accounts only through safe networks
- Install security updates on a regular basis
- Upgrade antivirus software on a regular basis
- Don’t ever leave your devices unprotected and exposed
- Lock your computers when leaving the desk
Emails can carry scams or malicious software (for example worms, bugs etc.). To avoid virus infection or data theft, our policy is to instruct employees to:
- Abstain from opening attachments or clicking any links when their content is not well explained
- Make sure to always check email addresses and names of senders.
- Search for inconsistencies
- Be careful with clickbait titles (for example offering prizes, advice, etc.)
If an employee is not sure whether an email they received, or any other type of data, is safe, they can always contact our IT specialist.
To prevent your company account password from being hacked, use these best practices for setting up passwords:
- At least 8 characters (must contain capital and lower-case letters, numbers and symbols)
- Do not write down a password and leave it unprotected
- Do not exchange credentials when not requested or approved by a supervisor
- Change passwords every [x] months
Data transfer is one of the most common ways cybercrimes happen. Follow these best practices when transferring data:
- Avoid transferring personal data such as customer and employee confidential data
- Adhere to personal data protection law
- Data can only be shared over the company’s network
Even when working remotely, all the cybersecurity policies and procedures must be followed.
When best practices and the company’s policy are not followed, disciplinary action will be taken.
Some of the examples of disciplinary actions include:
- In case of breaches that are intentional or repeated, and are harmful to our company, [company name] will take serious action, including termination
- Depending on how serious the breach is, there will be [x number] of warnings
- Each incident will be evaluated
- Each case and incident will be assessed on a case-by-case basis
- Everyone who disregards the company’s policies will face progressive discipline