At EFutureTech we strongly believe that anyone who runs a business with any reliance on systems and data must protect their online presence. The aim of this document is to set forth the minimum information security guidelines and standards that apply across all business operations.
DEVICE SECURITY
Company Devices
Employees need to maintain the security of company-issued devices by following the steps below:
- All company devices to be protected with an adequate password (see password management below)
- Company devices to be updated with the latest software releases and patches
- Devices to be locked when not in use or unattended
- Devices to be appropriately secured before employees leave desks and overnight
- Gain approval for removing devices from company premises
- Adhere to company policy regarding the installation of third-party applications and personal use
- Employees to take responsibility for company devices if removed from the business premises. IT to be notified immediately if the device is lost or stolen so that they can take the appropriate action
Personal Devices
If personal devices need to be used to access work information, then users need to adhere to the guidance below.
- Personal devices must be password protected in line with password management guidance
- Employees to carry out only permitted tasks on a personal device
- Devices must have full anti-virus software installed, with all of the latest updates applied
- Only make use of secure and private networks to log into company systems
- Ensure devices are secured and not left unattended at any time
EMAIL SECURITY
The following minimum steps are enforced on employees to ensure email security:
- Verify the legitimacy of an email – is it from who it suggests it is from? Check the sender name, email address, etc.
- Avoid opening attachments or clicking on links included in emails which appear suspicious.
- Avoid opening emails with clickbait titles
- Look out for any significant errors relating to grammar in emails. This can be a sign of suspicious activity
- Report any suspicious emails to the IT department as soon as you are able to do so
PASSWORD MANAGEMENT
The following minimum password policy is enforced across all users:
- Passwords should be a minimum of 8 characters in length
- Do not use common passwords or one-word passwords – e.g. password, abcdefgh, Iloveyou
- Do not reuse your company password for non-work-related purposes
- Make use of multi-factor authentication wherever it is available
- Do not share passwords with another employee. You must have an individual account for any company applications or systems that you make use of. If this is not possible, then consult a security specialist regarding the best way to manage shared access
- Do not write passwords down. If the business has implemented a password management tool, then employees should make use of this
SECURE DATA TRANSFER
The following minimum guidelines are enforced to ensure secure data transfers:
- Only transfer confidential data to other employees or third parties when absolutely necessary
- Only transfer confidential information over company networks
- Verify information relating to the recipient and ensure that they have sufficient security measures in place on their side before sending the data
- Gain sign off from a member of senior management for the data transfer
- Discuss any data transfers with a security specialist from the business before going ahead to ensure that it is done in a way that complies with company policy, e.g. that the correct form of encryption and the correct transfer method are used for the data transfer
- Ensure that data transfers take place in accordance with GDPR and any confidentiality agreements which may be in place
EFutureTech Systems (Pvt) Ltd
No.22/12, Kirulapone Avenue, Colombo 5, Sri Lanka
email: anjana@efuturetech.com
Hotline(s): +94777332307 / +94117-282800