Cyber Security Policy
Policy Purpose and Brief
This cyber security policy is for our employees, vendors and partners to refer to when they
need advice and guidelines related to cyber law and cyber crime. With this cyber security
policy, we aim to protect [company name]'s data and technology infrastructure.
This policy applies to all of [company name]'s employees, contractors, volunteers, vendors
and anyone else who may have any type of access to [company name]'s systems, software
and hardware.
Examples of Confidential Data
Some of the common examples of confidential data include:
Classified financial information
Customer data
Data about partners
Data about vendors
Patents, formulas or new technologies
Device Security - Using Personal Devices
Logging in to any of the company's accounts from personal devices such as mobile phones,
tablets or laptops can put our company's data at risk. [company name] does not recommend
accessing any company data from personal devices. If doing so is unavoidable, employees are
obligated to keep their devices in a safe place, not exposed to anyone else.
We recommend that employees follow these best practices:
Keep the passwords for all electronic devices secured and protected
Log in to company accounts only through safe networks
Install security updates on a regular basis
Upgrade antivirus software on a regular basis
Don't ever leave your devices unprotected and exposed
Lock your computers when leaving the desk
Email Security
Emails can carry scams or malicious software (for example worms, bugs, etc.). In order to
avoid virus infection or data theft, our policy is always to inform employees to:
Abstain from opening attachments or clicking any links when their content is not well
explained
Make sure to always check email addresses and names of senders.
Search for inconsistencies
Be careful with clickbait titles (for example offering prizes, advice, etc.)
If an employee is not sure whether an email they received, or any type of data, is safe, they
can always contact our IT specialist.
Managing Passwords
To help prevent your company account password from being hacked, use these best
practices for setting up passwords:
At least 8 characters (must contain capital and lower-case letters, numbers and symbols)
Do not write down a password and leave it unprotected
Do not exchange credentials when not requested or approved by a supervisor
Change passwords every [x] months
Transferring Data
Data transfer is one of the most common ways cybercrimes happen. Follow these best
practices when transferring data:
Avoid transferring personal data such as customer and employee confidential data
Adhere to personal data protection law
Data can only be shared over the company's network
Working Remotely
Even when working remotely, all the cybersecurity policies and procedures must be
followed.
Disciplinary Action
We expect all our employees to always follow this policy, and those who cause security
breaches may face disciplinary action:
First-time, unintentional, small-scale security breach: We may issue a verbal warning and
train the employee on security.
Intentional, repeated or large-scale breaches (which cause severe financial or other
damage): We will invoke more severe disciplinary action up to and including termination.
We will examine each incident on a case-by-case basis.
Additionally, employees who are observed to disregard our security instructions will
face progressive discipline, even if their behavior hasn’t resulted in a security breach.
Take security seriously
Everyone, from our customers and partners to our employees and contractors, should feel
that their data is safe. The only way to gain their trust is to proactively protect our systems
and databases. We can all contribute to this by being vigilant and keeping cyber security top
of mind.