Free Cyber Security Policy
1. Introduction
1.1 This policy is intended to be a practical policy for everyday use within
and outside the workplace. The measures outlined in this policy will help
to protect your devices and data.
1.2 This policy should be read in conjunction with the Organization's Data
Protection and Communications Policies. Where a conflict arises between
this policy and the policies mentioned above, the policies above will
prevail.
1.3 If you have any questions regarding these guidelines and how they
apply to you, please consult the relevant manager before taking action
that may breach this policy.
2. Implementation
2.1 The Organization will provide full training on the use of the measures
detailed in this policy and will meet the full costs of implementing and
maintaining such measures.
2.2 Once full training has been provided, any failure to follow any
implemented measures detailed in this policy may, in serious cases, result
in disciplinary action.
3. Physical Security
3.1 All equipment (phones, computers, tablets) should be password
protected. Where possible, biometric security should also be used, whether
fingerprint or face recognition. All devices should be set to lock after a
period of inactivity. This period of inactivity should be set to between two
and five minutes, with five minutes being the maximum.
5. Public Wi-Fi
5.1 All public Wi-Fi connections or Wi-Fi connections provided by another
organization can be used but should always be used with your VPN.
6. Software Updates
All of your devices should be kept up to date, and updates and upgrades
should be set to automatic.
7. Passwords
7.1 All passwords (where possible) should be a mixture of letters,
numbers, and special characters (&%$! etc.) and should be a minimum of
eight characters.
7.2 Passwords should never contain a place name, first name, last name,
team name, or a word from the dictionary as these are easily guessed or
subject to so-called "dictionary attacks". Also, do not attempt to obfuscate
such a word by trivial means, for example, "newy0rk" or "$mith"; these
too can be easily guessed.
11. Social Media
11.1 Social media sites and apps are an easy source of free information
that hackers can use. You are not paid to use social media, and the social
benefits of doing so are questionable.
11.4 Only provide limited information for any social media service and do
not provide different sets of information on each service, as this helps
build a fuller picture of you.
Email phishing
Attempts to obtain sensitive login information and/or bank or card details,
usually by informing you that your account has been locked, or there has
been suspicious activity on your account, or even that you have won
something, such as an Amazon gift card, etc.
Spear phishing
These are the same as general email phishing but include some basic
information about you to make the email look legitimate, for example by
addressing you by your first name or full name, or by drawing on recent
contact data or other information the sender has access to. One example is
a spear-phishing email posing as a bank and asking you to confirm recent
account changes. This indicates that scammers can have knowledge of previous
contacts, probably from a source within the bank call center. This was a
particularly sophisticated attack.
Emergency emails
These tend to be bogus emergency requests to update an account. The
"emergency" is designed to pressure you to act. These frequently pose as
coming from a senior manager or director within the Organization and
may include their name and sometimes an email address that looks
almost identical to their legitimate email address. This sort of information
can be obtained through sites such as LinkedIn.
14. Questions
If you have any questions regarding this policy document and how it
applies to you, please consult [Insert manager's name].
15. Alteration of this Policy
This policy will be subject to review, revision, change, updating,
alteration, and replacement to introduce new policies from time to time to
reflect the changing needs of the business or to comply with new laws or
changes to existing laws. Any alterations will be communicated to you by
the manager named above.