The purpose of this cybersecurity policy

The purpose of this information security policy template is to outline all the precautions we take to protect company technology and our data. That way, you’ll know how to identify and prevent potential digital security risks.

The scope of this cybersecurity

This information security policy applies to all employees (including remote, full-time, part-time, and contractors), interns, volunteers, and business partners with a company device or access to our data.

Our Cybersecurity Policy

What Is Cyber Security?

Cybersecurity refers to our efforts to protect confidential data. These efforts include online precautions (like spyware) and offline precautions (like protecting our devices). 

We consider confidential data to mean any sensitive information, including:

• Unpublished financial information.
• Customer, vendor, and partner data.
• New tech, patents, and formulas.
• Customer lists (current and potential).

Our Cyber Security Policy

[Company name] does everything in our power to protect our company data. Such as:

• Protecting personal and company devices.
• Keeping company emails safe.
• Keeping passwords private.
• Securely transferring data.

Let's dive into each of these in more detail.

Protecting Personal & Company Devices

In the past, we've found that when people use their work computers appropriately, we see fewer breaches. And as such, we have outlined a series of measures to ensure that your devices are cared for. 

We expect everyone to:

• Keep personal information and client data off your work devices.
• Password-protect all your devices (work and personal).
• Update your internet browsers and devices monthly — or whenever an update is recommended.
• Avoid downloading unauthorized software to your work computer.
• Stay away from suspicious or unsecured websites.
• Use private networks when logging onto your work computer (for example, opt for your personal hotspot over a coffee shop's wifi).
• Don't leave your devices unlocked or unattended — especially when in a public place.
• Lock your screen or turn off your device when you step away from your workspace.
• If the equipment is stolen or broken, report it right away to [HR or IT] immediately.
• Avoid downloading suspicious or illegal software to your work computer.

Please note that your work devices are only intended for your use, and lending it out or giving someone else access is never allowed. 

If you are a new hire, [IT] will give you detailed instructions for properly setting up your device when you get that device.  

Have questions about your device? Please contact [IT].

Keeping Company Emails Safe

Email is notorious for online scams and hacking.

So to avoid virus infection or data theft, we recommend:

• Deleting any suspicious emails without opening them (like ones with no subject lines).
• Not clicking on any links that don't have appropriate context on where they go.
• Double-checking where emails come from - especially if you are going to reply.
• Looking for errors within the email (such as excessive grammar and spelling errors).

If you're unsure about whether an email is a threat or not, feel free to ask [IT]. However, please send a separate email to get into contact, rather than forwarding the email in question.

Keeping Passwords Private

To ensure that your passwords are kept secret and secure, make sure you: 

• Create passwords with at least 8 characters — including an uppercase letter, lowercase letter, number, and symbol.
• Avoid passwords that include personal information that can easily be guessed (like birthdays).
• Do not duplicate passwords (meaning, do not use the same password for email and other accounts).
• Remember all your passwords or store them in a secure tool like [1Password].
• Avoid sharing any personal information or credentials over email.
• Switch up your passwords every few months, keeping all of the above in mind.

We understand that having several passwords to keep track of can be overwhelming. So [company name] provides a secure tool to help you create and store strong passwords called [1Password]. 

If you do not have access to this tool, please contact [IT].

Securely Transferring Data

Transferring data is necessary, but it also makes the data a lot more vulnerable to cybersecurity attacks.

So, keep our company information safe by:

• Only transferring data when absolutely necessary.
• When moving a mass amount of data or protected data (such as employee or customer info), ask [IT] for help.
• Sharing data only through secure company WiFi and systems - never via a public connection.
• Double-check that who you’re sending this data to is authorized to have said data and that they have the proper security measures in place on their end.

If you notice any suspicious activity, security breaches, or hacking attempts, please contact [IT] as soon as possible.

Additional Cyber Security Measures

In addition to general tech support, here are other measures [IT] takes to help keep our company data safe:

• Install anti-malware and virus protection software.
• Set up firewalls and other authentication programs.
• Hold cybersecurity training for employees company-wide.
• Update employees regularly on what they should look out for.
• Investigate all cybersecurity breaches thoroughly and takes the necessary follow-up action.

Disciplinary Action

If your actions threaten the security of our company data in any way, we will apply our [disciplinary action process] to resolve the issue. Each case will be investigated on an individual basis by [IT and HR].

Questions? Comments? Concerns?

Have a question about anything? Reach out to a [member of our IT/contact person].