Policy on Information Security
1. Intent and Scope
This cybersecurity policy(policy) provides the basis of cybersecurity management within Inspiritive Pty Ltd.
This policy applies to all of Inspiritive Pty Ltd employees, contractors, volunteers, vendors and anyone else who may have any type of access to Inspiritive Pty Ltd systems, software and hardware.
Effective protection of business information creates a competitive advantage, both in the ability to preserve the reputation of Inspiritive Pty Ltd and in reducing the risk of the occurrence of negative events and incidents.
2. Password Requirements
To avoid employees’ work account passwords being compromised, these best practices are advised for setting up passwords:
Use at least 8 characters (must contain capital and lower-case letters, numbers and symbols)
Do not write down password and leave it unprotected
Do not exchange credentials when not requested or approved by supervisor
Change passwords every 4 months
3. Email Security
Emails can contain malicious content and malware. In order to reduce harm, employees should employ the following strategies:
Do not open attachments or click any links where content is not well explained
Check the email addresses and names of senders.
Search for inconsistencies
Block junk, spam and scam emails
Avoid emails that contain common scam subject lines such as prizes, products and money transfers
If an employee is not sure that an email, or any type of data is safe, the employee should contact Jules Collingwood on 0416 267 613.
4. Device Security and Using Personal Devices
Logging in to any work accounts for personal devices such as mobile phones, tablets or laptops, can put Inspiritive Pty Ltd data at risk. Inspiritive Pty Ltd does not recommend accessing any Inspiritive Pty Ltd data from personal devices. However, if this cannot be avoided, employees are obligated to keep their devices in a safe place and not exposed to anyone else.
Employees are recommended to follow these best practice steps:
Keep all electronic devices’ passwords secure and protected
Logging into accounts should only be performed through safe networks
Install security updates on a regular basis
Upgrade antivirus software on a regular basis
Never leave devices unprotected and exposed
Lock computers when leaving the desk
5. Transferring Data
Data transfer is a common cause of cybercrime. Employees should follow these best practices when transferring data:
Avoid transferring personal information such as customer data and employee information
Adhere to the relevant personal information legislation
Data should only be shared over authorised networks
If applicable, destroy any sensitive data when it is no longer needed
6. Physical Documents
Employees are required to ensure that:
All sensitive and confidential information in hardcopy form is secure in their work area at the end of the day
Printed documents containing sensitive and confidential information should be immediately removed from the printer
Any sensitive and confidential information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the work day
File cabinets containing sensitive and confidential information must be kept closed
and locked when not in use or when not attended
Keys used for access to sensitive and confidential information must not be left at an unattended desk
Upon disposal of sensitive and confidential documents, documents should be shredded in the official shredder bins or placed in the lock confidential disposal bins
Whiteboards containing sensitive and confidential information should be erased
7. Working Remotely
When working remotely, all cybersecurity policies and procedures must be followed.
8. Acceptable Use
User accounts on work systems are only to be used for the business purposes of Inspiritive Pty Ltd and not to be used for personal activities.
Employees are responsible for protecting all confidential information used and/or stored on their accounts. This includes their user logins and passwords. Employees are prohibited from making unauthorised copies of such confidential information and/or distributing it to unauthorised persons outside of Inspiritive Pty Ltd.
Employees must not purposely engage in any activity with the intent to: harass other users; degrade the performance of the system; divert system resources to their own use; or gain access to Inspiritive Pty Ltd systems for which they do not have authorisation.
9. Security Requirements
Employees must not install unauthorised software.
Employees must not use unauthorised devices on their workstations, unless they have received specific authorisation from Jules Collingwood.
Employees must not attempt to turn off or circumvent any security measures.
Employees must report any security breaches, suspicious activities or issues that may cause a cyber security breach to Jules Collingwood.
10. Disciplinary Action
If this policy is breached, one or more of the following disciplinary actions will take place:
Incidents will be assessed on a case-by-case basis
In case of breaches that are intentional or repeated or cases that cause direct harm to Inspiritive Pty Ltd, employees may face serious disciplinary action(c) Subject to the gravity of the breach, formal warnings may be issued to the