Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. The more we rely on technology to collect, store and manage information, the more vulnerable we become to severe security breaches. Human errors, hacker attacks and system malfunctions can cause disruption in service to our clients and productivity in our office. For this reason, a number of security measures have been implemented and instructions have been issued that help mitigate security risks. These provisions are outlined in this policy and apply to all employees and anyone who has permanent or temporary access to our systems and hardware.
1. CONFIDENTIAL DATA:
Common examples are:
- a) financial information of clients;
- b) client lists (existing and prospective);
- c) lender lists;
- d) real estate company lists.
All employees are obliged to protect this data and avoid security breaches.
2. PERSONAL AND COMPANY DEVICES
This policy contains instructions on how to avoid security breaches, protect personal and company devices. When employees use their digital devices to access company emails or accounts, they introduce security risk to our data. All employees are instructed to keep their company issued computer and cell phone secure. This is done by the following:
- a) keeping all devices password protected;
- b) installing antivirus software;
- c) ensuring devices are not left exposed or unattended;
- d) install security updates of browsers and systems monthly or as soon as updates are available;
- e) log on to company accounts and systems through secure and private networks;
- f) avoiding accessing internal systems and accounts from other people’s devices or lending their own devices to others.
When new employees receive company-issued equipment they receive instructions for:
- a) encryption setup;
- b) password management;
- c) installation of antivirus/anti-malware software.
3. KEEPING EMAILS SAFE
Emails often contain scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we instruct employees to:
- a) avoid opening attachments and clicking on links when the content is not adequately explained;
- b) be suspicious of clickbait titles (e.g. offering prizes, advice);
- c) check email and names of people they received a message from to ensure they are legitimate.
- d) look for inconsistencies (e.g. grammar mistakes, capital letters, excessive number of exclamation marks.) If an employee isn’t sure that an email they received is safe, they are instructed not to access the email and it will be referred to our IT Specialist.
4. MANAGE PASSWORDS PROPERLY
Password should be secure so they won’t be easily hacked. Employees are advised to:
- a) choose passwords with at least eight characters (including capital and lowercase letters, numbers and symbols);
- b) avoid information that can be easily guessed (e.g. birthdays.);
- c) change their passwords.
5. TRANSFERRING DATA
Transferring sensitive data (e.g. customer information, employee records) to other devices or accounts is done only when absolutely necessary. When transfer of such data is needed, it is done over the company network system and not over public Wi-Fi or private connection. We ensure that the recipients of the data are properly authorized and have adequate security policies.
6. SCAMS AND MALWARE
Employees are informed about scams, breaches and malware so they can better protect our infrastructure. Employees are advised to report perceived attacks, suspicious emails or phishing attempts as soon as possible. All reports are investigated promptly and a companywide alert is sent when necessary.
Everyone, from our clients and partners to our employees and contractors, should feel that their data is safe. This is done by proactively protecting our systems and databases, being vigilant and keeping cyber security a priority.