Blog | G5 Cyber Security

Security Policy: What Employees Need to Know

TL;DR

This guide explains what our security policy means for you at each stage of your employment: when you join the company, during your day-to-day work, and if you ever leave. It’s about keeping our data safe, protecting ourselves from threats, and making sure we all follow best practices.

1. When You Join (First Week)

  1. Acceptable Use Policy: Read and sign the Acceptable Use Policy. This outlines what you can and cannot do with company devices and networks.
  2. Password Security: Create a strong, unique password for your accounts. We recommend using a password manager.
    • Minimum length: 12 characters
    • Mix of uppercase letters, lowercase letters, numbers, and symbols
    • Do not reuse passwords from other sites.
  3. Device Setup & Security Software: Your IT department will set up your company laptop/phone with essential security software (antivirus, firewall, etc.). Ensure it is running correctly and is up to date.
    # Example check for antivirus status (Windows)
  4. Data Classification Awareness: Understand the different types of data we handle (confidential, internal, public). You’ll receive training on this.
  5. Reporting Security Incidents: Learn how to report suspicious emails, lost devices, or any potential security breaches. Contact security@example.com immediately.
    • Don’t ignore anything that seems ‘off’.
    • Better safe than sorry!
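
For the device check in step 3 above, here is an added PowerShell example (not part of the original guide or the company's own tooling) that reports whether antivirus and firewall protection are on and current. It assumes a Windows laptop where Microsoft Defender is the antivirus and Windows Firewall is in use; the function name and the 7-day signature threshold are illustrative assumptions.

```powershell
# Added example: assumes Microsoft Defender is the installed antivirus.
# The 7-day signature threshold is an assumed value, not a policy requirement.
$MaxSignatureAgeDays = 7

function Get-EndpointSecurityFindings {
    $findings = @()

    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Defender cmdlets are unavailable or the service is not running
        return @("Could not query Microsoft Defender: $($_.Exception.Message)")
    }

    if (-not $mp.AMServiceEnabled)          { $findings += 'Antimalware service is not enabled' }
    if (-not $mp.AntivirusEnabled)          { $findings += 'Antivirus protection is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Antivirus signatures are $($mp.AntivirusSignatureAge) days old"
    }

    # Every Windows Firewall profile (Domain, Private, Public) should be on
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ("$($fwProfile.Enabled)" -ne 'True') {
            $findings += "Firewall profile '$($fwProfile.Name)' is disabled"
        }
    }
    return $findings
}

$result = @(Get-EndpointSecurityFindings)
if ($result.Count -eq 0) {
    Write-Output 'OK: antivirus and firewall are enabled and signatures are current.'
} else {
    $result | ForEach-Object { Write-Output "ATTENTION: $_" }
    Write-Output 'Report these findings to your IT department.'
}
```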

2. Day-to-Day Work (Ongoing)

  1. Email Security: Be cautious of phishing emails.
    • Never click links or open attachments from unknown senders.
    • Verify requests for sensitive information via phone or in person.
    • Look for spelling and grammar errors, unusual sender addresses, and generic greetings.
  2. Data Handling: Follow data classification guidelines when storing, processing, and sharing data.
    • Confidential data should be encrypted both in transit and at rest.
    • Avoid saving sensitive files to personal devices or cloud storage.
  3. Secure Remote Access: If you work remotely, use a VPN (Virtual Private Network) to encrypt your internet connection.
    # Example connecting to VPN (command line)
  4. Physical Security: Protect company assets from theft or damage.
    • Lock your laptop when leaving it unattended.
    • Secure sensitive documents in locked cabinets.
  5. Software Updates: Keep your software up to date. Updates often include security patches.
    # Example checking for Windows updates
  6. Social Engineering Awareness: Be wary of attempts to trick you into revealing confidential information (e.g., phone calls, impersonation).

3. Leaving the Company (Final Week)

  1. Return of Assets: Return all company devices (laptop, phone, security badges, etc.).
  2. Account Deactivation: Your IT department will deactivate your accounts.
    • Ensure you have transferred any necessary files before deactivation.
  3. Confidentiality Agreement Reminder: Review and reaffirm your confidentiality agreement.
  4. Data Wipe: IT will wipe data from company devices to protect sensitive information.

Need Help?

If you have any questions about our security policy, please contact the cyber security team at security@example.com.
