The purpose of this template is to outline all the precautions we take to protect company technology and our data. That way, you’ll know how to identify and prevent potential digital security risks.
Cybersecurity Policy Template
This template provides a basic structure for your cybersecurity policy. And it works as a starting point for building your company’s policy. We highly suggest adding, changing, or rearranging content to make it your own!
Start building your cybersecurity policyCustomize Template
This cybersecurity policy applies to all employees (including remote, full-time, part-time, and contractors), interns, volunteers, and business partners with a company device or access to our data.
What is cybersecurity?
Cybersecurity refers to our efforts to protect confidential data. These efforts include online precautions (like spyware) and offline precautions (like protecting our devices).
We consider confidential data to mean any sensitive information, including:
- Unpublished financial information
- Customer, vendor, and partner data
- New tech, patents, and formulas
- Customer lists (current and potential)
Our cybersecurity policy
[Company name]’s cybersecurity policy does everything in our power to protect our company data. Such as:
- Protecting personal and company devices
- Keeping company emails safe
- Keeping passwords private
- Securely transferring data
Protecting personal and company devices
In the past, we’ve found that when people use their work computers appropriately, we see fewer breaches. And as such, we have outlined a series of measures to ensure that your devices are cared for.
We expect everyone to:
- Keep personal information and client data off your work devices
- Password-protect all your devices (work and personal)/li>
- Update your internet browsers and devices monthly – or whenever an update is recommended
- Avoid downloading unauthorized software to your work computer
- Stay away from suspicious or unsecured websites
- Use private networks when logging onto your work computer (for example, opt for your personal hotspot over a coffee shop’s wifi)
- Don’t leave your devices unlocked or unattended – especially when in a public place
- Lock your screen or turn off your device when you step away from your workspace
- If the equipment is stolen or broken, report it right away to [HR or IT] immediately
- downloading suspicious or illegal software to your work computer
Please note that your work devices are only intended for your use, and lending it out or giving someone else access is never allowed.
If you are a new hire, [IT] will give you detailed instructions for properly setting up your device when you get that device.
Have questions about your device? Please contact [IT].
Keeping company emails safe
Email is notorious for online scams and hacking. So to avoid virus infection or data theft, we recommend:
- Not clicking on any links that don’t have appropriate context on where they go
- Double-checking where emails come from – especially if you are going to reply
- Looking for errors within the email (such as excessive grammar and spelling errors)
- If you’re unsure about whether an email is a threat or not, feel free to ask [IT]. However, please send a separate email to get into contact, rather than forwarding the email in question.
Keeping passwords private
To ensure that your passwords are kept secret and secure, make sure you:
- Create passwords with at least 8 characters – including an uppercase letter, lowercase letter, number, and symbol
- Do not duplicate passwords (meaning, do not use the same password for email and Trainual)
- Remember all your passwords or store them in a secure tool like 1Password
- Avoid sharing any personal information or credentials over email
- Switch up your passwords every few months, keeping all of the above in mind
We understand that having several passwords to keep track of can be overwhelming. So [company name] provides a secure tool to help you create and store strong passwords called [software].
If you do not have access to this tool, please contact [IT].
Securely transferring data
Transferring data is necessary, but it also makes the data a lot more vulnerable to cybersecurity attacks. So, keep our company information safe by:
- Only transferring data when absolutely necessary
- When moving a mass amount of data or protected data (such as employee or customer info), ask [IT] for help.
- Sharing data only through secure company WiFi and systems – never via a public connection.
- Double-check that who you’re sending this data to is authorized to have said data and that they have the proper security measures in place on their end
If you notice any suspicious activity, security breaches, or hacking attempts, please contact [IT] as soon as possible.
Additional IT cybersecurity measures
In addition to general tech support, here are other measures [IT] takes to help keep our company data safe:
- Install anti-malware and virus protection software
- Set up firewalls and other authentication programs
- Hold cybersecurity training for employees company-wide
- Update employees regularly on what they should look out for
- Investigate all cybersecurity breaches thoroughly and takes the necessary follow-up action
If your actions threaten the security of our company data in any way, we will apply our disciplinary action process to resolve the issue. Each case will be investigated on an individual basis by [IT and HR].
Questions? Comments? Concerns?
Have a question about this policy? Reach out to [IT contact].
Related TemplatesBack to all Templates
Your New Business Playbook Awaits
Thousands of growing companies, including those who’ve shared their stories here, are streamlining their processes, simplifying SOPs, and making onboarding and training a breeze with Trainual.