These action steps are formulated through this Policy to mitigate the risk of any unauthorized access and loss or stolen information, which is strictly implemented by the Company and is part of data security.
Equipment provided by the Company, such as laptops, mobile devices, or computers, is solely for business use only. It is expected of every employee they utilize and maximize their equipment to deliver the assigned task and responsibilities. To that end, all employees shall:
1. Properly shut down or lock the laptop or computer when not in use.
2. Keep login credentials safely stored in a password management system provided by the Company. Employees should not share these credentials with any colleagues or anyone connected to the employee.
3. Beware of accessing any links that require details such as birthdates, card numbers, email addresses, ID numbers, and other related personal and sensitive data.
4. Avoid sharing any company data or information, especially with person/s not in the Company circle or in the business to know.
5. Always keep in mind that there is no place safe for the data, and avoid any applications or databases not configured or commissioned by the Company. There are proper safekeeping procedures and processes that need to be followed.
6. Never attempt to connect to any public wi-fi or mobile data from unknown sources that may risk the network. This includes airports, fast food chains, coffee shops, libraries, and malls as these places are a great opportunity for cybercriminals to execute their data hunting.
7. Use Company-provided secure equipment (e.g., USB sticks, flash drives, file shares, etc.) when transferring data within the Company. Do not use personal equipment as the IT department will provide an encrypted asset to ensure the security of the data files. The employee must not share files or data outside the company-owned equipment.
8. All data transported outside the Company via email or on portable devices (e.g., USB sick or laptop) must be encrypted in line with Company policy.
9. All employees are encouraged to keep a low profile and not post anything on social media that threaten someone’s security, especially regarding financial cards, whereabouts, or any details that may be used in unlawful activities.
10. All employees are encouraged to be educated about all the aspects of Data Privacy and Customer Protection for additional knowledge that could help in data protection awareness.