This cyber security policy is for our employees, vendors and partners to refer to when they need advice and guidelines related to cyber law and cyber crime. Having this policy we are trying to protect beautyscrets.agency’s data and technology infrastructure.

This policy applies to all of beautyscrets.agency’s employees, contractors, volunteers, vendors and anyone else who may have any type of access to beautyscrets.agency’s systems, software and hardware.

Examples of Confidential Data

Some of the common examples of confidential data include:

  • Classified financial information
  • Customer data
  • Data about partners
  • Data about vendors
  • Patents, formulas or new technologies

Device Security- Using personal devices

Logging in to any of company’s accounts for personal devices such as mobile phones, tablets or laptops, can put our company’s data at risk. beautyscrets.agency does not recommend accessing any company’s data from personal devices. If so is inevitable, employees are obligated to keep their devices in a safe place, not exposed to anyone else.

We recommend employees to follow these best practices:

  • Keep all electronic devices’ password secured and protected
  • Logging into company’s accounts should be done only through safe networks
  • Install security updates on a regular basis
  • Upgrade antivirus software on a regular basis
  • Don’t ever leave your devices unprotected and exposed
  • Lock your computers when leaving the desk

Email Security

Emails can carry scams or malevolent software (for example worms, bugs etc.). In order to avoid virus infection or data theft, our policy is always to inform employees to:

  • Abstain from opening attachments or clicking any links in the situations when its content is not well explained
  • Make sure to always check email addresses and names of senders.
  • Search for inconsistencies
  • Be careful with clickbait titles (for example offering prizes, advice, etc.)

In case that an employee is not sure if the email received, or any type of data is safe, they can always contact our IT specialist.

Managing Passwords

To ensure avoiding that your company account password gets hacked, use these best practices for setting up passwords:

  • At least 8 characters (must contain capital and lower-case letters, numbers and symbols)
  • Do not write down password and leave it unprotected
  • Do not exchange credentials when not requested or approved by supervisor
  • Change passwords every 3 month

Transferring Data

Data transfer is one of the most common ways cybercrimes happen. Follow these best practices when transferring data:

  • Avoid transferring personal data such as customer and employee confidential data
  • Adhere to personal data protection law
  • Data can only be shared over company’s network

Working Remotely 

Even when working remotely, all the cybersecurity policies and procedures must be followed.

Disciplinary Action 

When best practices and company’s policy are not followed, disciplinary actions take place.

Some of the examples of disciplinary actions include:

  • In case of breaches that are intentional or repeated, and are harmful to our company, beautyscrets.agency will take serious actions including termination
  • Depending on how serious the breach is, there will be [x number] of warnings
  • Each incident will be evaluated
  • Each case and incidence will be assessed on a case-by-case basis
  • Everyone who disregards company’s policies will face progressive discipline