Staff training programme to raise awareness of cyber threats and security measures to safeguard the data of our business & customers.

Best Practices.

System Access Control & Password Management

Password protection and permission levels will help to maintain confidentiality and reduce the risk of a breach.

- Access to computers, other electronic devices and systems must be password protected.
- You must not share your unique credentials with anyone, nor access a system using someone else’s login credentials.
- Generic logins will be available to use temporarily in instances of forgotten credentials, and this will be managed by Jack Pike.
- Passwords must NOT be written down.
- Addition, deletion and modification of User IDs and permissions will be managed by those with granted permission.
- Computers must be locked using the ‘Windows + L’ key when not in use and when you leave your desk.
- Users must log out and close all applications at the end of the day and when leaving their desks for prolonged periods of time.
- Access must be immediately revoked for anyone leaving the company.

The Importance of Strong Passwords

Weak passwords are a leading cause of security breaches, and implementing password policies that require complex and unique passwords, with a requirement to be changed frequently, can help mitigate this risk:

- Passwords must be a minimum length of 12 characters, or 8 characters if the system does not support 12.
- Passwords must contain both numeric and alphabetic characters.
- System5 & Infinity will force a password change every 90 days.

Access to Offices and Information

As sensitive information is handled on site, there is a risk of a data breach from other staff & visitors on site.

- Access to the building requires a keycode. You must not share this code with anyone outside of West Quay Ltd.
- Cabinets & drawers containing sensitive information must be kept secure at all times, and keys must not be given to any third party at any time, or to any staff whose job does not require such access.
- Wherever possible, visitors should be seen in meeting rooms & steps should be taken to ensure no confidential information is visible (i.e. through office windows/screen share).
- At the end of each day, or when desks are unoccupied, all paper documents and other devices containing confidential information must be securely locked away.
- Any card information provided in written form (i.e. from an order form) must be removed and shredded immediately after payment processing.
- Confidential information must be disposed of in the confidential waste bins provided.

Telephone Communications

As sensitive information is handled via the telephone, there is a risk of a data breach from other staff, visitors and even other customers overhearing you through a phone call with another operator.

- Card information must NEVER be repeated over the telephone.
- Staff must always wear a headset and never have the customer on speakerphone.
- Staff must be careful about maintaining confidentiality when speaking in public places (i.e. when speaking on a mobile telephone).

Transfer of Information

As sensitive information may need to be transferred to other members of staff, or handled outside of the office on occasion, there is a risk of a data breach.

- Confidential information must be marked ‘confidential’ and circulated only to those who need to know the information in the course of their work for the Company.
- Card information must NEVER be transferred via Slack, WIKI or email, or by any other electronic, written or spoken means.
- When sending sensitive or particularly confidential information by post, it must be sent recorded delivery. Care should be taken to ensure the delivery address is correct and information is verified before being sent.
- When sending sensitive or particularly confidential information by email, it must be encrypted. Care should be taken with email addresses where auto-complete features may have inserted incorrect addresses.
- Confidential information must not be removed from the Company’s offices unless required for authorised business purposes and when permitted to do so by management.

Staff must ensure confidential information is:

- Stored on an encrypted device with strong password protection, which is kept locked when not in use.
- When in paper copy, not transported in see-through or other unsecured bags or cases.
- Not read in public places (i.e. waiting rooms, cafes, trains).
- Not left unattended or in any place where it is at risk (i.e. conference rooms, car boots, cafes).

Home Working

As sensitive information may need to be handled when working from home, there is a risk of a data breach.

- The same rules surrounding the handling of data and security measures apply to home working as they do in the office.
- Avoid public Wi-Fi networks when accessing company data and systems, as these are not as secure.
- Staff must not store confidential information on their home computers (PCs, laptops or tablets).
- Laptops must not be used for anything other than work-related purposes, and must not be used by anyone other than the staff member they have been issued to (i.e. no family/friends to use).
- When transporting your laptop to and from West Quay Ltd, you must ensure it is not left unattended.

Social Engineering & Phishing

Social engineering attacks account for a massive portion of all cyber-attacks, with more than 90% of successful hacks and data breaches starting with social engineering.

Social engineering is a technique hackers use to manipulate and trick their victims into performing a desired action or disclosing private information. These usually come in the form of an email, but can be texts and phone calls as well.

Reporting a Breach.