Cyber Security Policy

Brief & Purpose

Our Firm’s cyber security policy outlines our guidelines and provisions for ensuring the security of our data and technology infrastructure.

Our heavy dependence on technology to collect, manage and store information may make us more vulnerable to severe security breaches. Human errors, malicious attacks, and system malfunctions could cause significant monetary damage or jeopardise our Firm’s reputation.

Considering this, we have implemented several security measures. We have also put in place instructions and procedures that may help mitigate security risks. Both are set out in this policy.

Scope

This Cyber Security policy applies to all our permanent and temporary employees, contractors, volunteers, and anyone who has permanent or temporary access to our systems and hardware.

Policy Components

Confidential data

Confidential data is secret and valuable to the Firm. Some common examples are:

  • Unpublished financial information
  • Data of clients/partners/contractors/vendors
  • Product/Methodology/Codes/Training Contents/Applications/Formulas or new technologies etc
  • Client lists (past, existing and prospective)

All employees are obliged to protect this data. In this policy, we give our employees instructions on how to avoid security breaches.

Personal and Firm Devices Protection

Employees who use their digital devices to access the Firm’s emails or accounts may introduce security risks to our data. We regularly advise our employees to keep their personal as well as Firm-issued computers, tablets, and cell phones secure. They can do this if they:

  • Keep all devices protected with strong passwords.
  • Note that we use Mac-based devices company-wide, which provide all Mac-based security features.
  • Install and keep up to date complete antivirus software (preferably the antivirus provided by the operating system).
  • Ensure they do not leave their devices exposed or unattended, as guided by the device-issued contract.
  • Install security updates for browsers and systems monthly, as soon as updates are available.
  • Access Firm accounts and systems through secure and private networks only.

We also advise our employees against accessing the Firm’s internal systems and accounts from other people’s devices or letting others access their devices.

When new hires or existing employees receive Firm-issued devices, they may receive instructions for:

  • Password management tool setup
  • Installation of antivirus/anti-malware software
  • Best Practices Tutorial Video to ensure data safety

Employees are required to follow instructions to protect their devices and reach out to our Security Specialist if they have any questions.

Emails Safety

Emails are often a channel for scams and malicious attacks. To avoid viruses or data theft, we instruct employees to:

  • Avoid opening attachments and clicking on links when the content is anonymous and the email is not from a trustworthy source (e.g., “watch this video, it’s amazing.”)
  • Not fall for clickbait titles (e.g., offering prizes, advice.)
  • Check email IDs and names of people they received a message from to ensure they are legitimate.
  • Look for subtle clues (e.g., spelling mistakes, grammatical mistakes, capital letters, excessive numbers, exclamation marks, etc.)

If an employee isn’t sure that an email they received is safe, they can refer to our Security Specialist.

Adequate Password Management

Password security is a high priority, since a leaked password can compromise our entire infrastructure and data. Not only should passwords be strong so they won’t be easily hacked, but they should also remain secret. For this reason, we advise our employees to:

  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers, and special characters) and avoid information that can be easily guessed (e.g., birthdays, anniversaries, etc.)
  • Remember and never write down the passwords. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done
  • Never share credentials unless officially asked in writing by the Firm’s authorised personnel
  • Change their passwords every quarter

We also have a reputable password management tool in place, which generates strong random passwords and stores them. Employees dealing with critical data are obliged to create a secure password from the tool itself, following the above-mentioned advice.

Transfer Data Securely

Transferring data securely is among our top priorities, as data transfer is prone to security risk. Employees must:

  • Avoid transferring sensitive and critical data (e.g., client information and data, employee records) to other devices or accounts unless necessary and authorised by the firm. Approach Security Specialists for any mass transfer of such data
  • Not share confidential data over public Wi-Fi
  • Ensure that the recipients of the data are properly authorised people or organisations and have adequate security policies
  • Report scams, privacy breaches, and hacking attempts immediately to Security Specialists

Our Security Specialists need to know about scams, breaches, and malware immediately so they can better protect our infrastructure. We advise our employees to report perceived attacks, suspicious emails, or phishing attempts as soon as possible to our specialists. Our Security Specialists must investigate promptly, resolve the issue and send a Firm-wide alert when necessary.

Our Security Specialists are appointed to advise employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns.

Additional Measures

To reduce the possibilities of security breaches, our employees are instructed to:

  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible to [HR/IT Department].
  • Change all account passwords at once when a device is stolen or missing.
  • Report a perceived threat or possible security weakness in Firm systems.
  • Refrain from downloading suspicious, unauthorised or illegal software on their Firm equipment.
  • Avoid accessing suspicious websites.
  • Refrain from opening and responding to emails received from outside the Firm.

We also expect our employees to comply with our social media and internet usage policy.

Our Security Specialists should:

  • Install firewalls, anti-malware software, and access authentication systems.
  • Arrange security training for all employees.
  • Inform employees regularly about new scam emails or viruses and ways to combat them.
  • Investigate security breaches thoroughly.
  • Follow these policy provisions as other employees do.

Our Firm will have all physical and digital shields in place to protect information.

Remote Employees/Contractors

Remote employees must follow this policy’s instructions too. Since they access our Firm’s accounts and systems remotely, they are obliged to follow all data encryption, protection standards, and settings, and to ensure their private network security.

We encourage them to seek advice from our Security Specialists.

Disciplinary Action

Our employees are expected to follow this policy, and those causing security breaches may face disciplinary action:

  • First-time, unintentional, small-impact security breach: We may issue a verbal warning and train the employee on security and its best practices.
  • Intentional, repetitive or sizeable impact breaches (which cause severe financial or other damage): We will invoke more severe disciplinary action, up to and including termination.

We will examine each incident on a case-by-case basis.

Additionally, employees who disregard our security instructions and policy will face progressive discipline, even if their behaviour hasn’t resulted in a security breach.

Security: A Serious Matter

Everyone, from our clients and partners to our employees, contractors, and vendors, should be confident in their data safety. To achieve this, we have to proactively protect our systems and databases. Staying vigilant and keeping cyber security top of mind both contribute to this.

CHANGES

We may update this policy from time to time to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page. We also regularly update our policies to make them stronger with changing times.