Security
The more we rely on technology to collect, store and manage information, the more vulnerable we become to security breaches. Human error, hacker attacks and system malfunctions can cause great financial damage and may jeopardize our company’s operations. Therefore, it is essential that we be vigilant and do everything we can to protect our devices, networks, systems and equipment from being compromised.
This policy applies to anyone who has permanent or temporary access to our devices, networks, systems and equipment.
Confidential data
Confidential data is secret and valuable. Common examples are:
· Unpublished financial information
· Data of customers/partners/vendors
· Patents, formulas or new technologies
· Customer lists (existing and prospective)
You are obliged to protect this data. In this policy, we will give you instructions on how to avoid security breaches.
Protect personal and company devices
You must ensure that any devices you use to access our networks or systems are kept secure by taking steps such as the following:
· Keep all devices password protected and use multi-factor authentication.
· Regularly upgrade antivirus software.
· Do not leave devices exposed or unattended.
· Regularly install security and operating updates of browsers and systems.
· Log into company accounts and systems through secure and private networks only.
You should avoid accessing internal systems and accounts from other people’s devices or lending your devices to others.
Keep emails safe
Emails are often the vehicles for scams and malicious software. To avoid virus infection or data theft:
· Avoid opening attachments and clicking on links when the content is not adequately explained.
· Be suspicious of clickbait titles (e.g., offering prizes, advice).
· Check the email and names of the people you received a message from to ensure they are legitimate.
· Look for inconsistencies or giveaways (e.g., grammar mistakes, capital letters, excessive number of exclamation marks).
If you are unsure about the safety or origin of an email, contact our IT HelpDesk.
Manage passwords properly
Password leaks are dangerous and can compromise our entire infrastructure. Passwords should be secure so they won’t be easily hacked and should also remain secret. Best practices include:
· Choosing passwords with at least eight characters (including a mix of capital and lower-case letters, numbers and symbols) and avoiding information that can be easily guessed.
· Remembering passwords instead of writing them down. If you need to write down passwords, keep the paper or digital document confidential and destroy it when your work is done.
· Sharing credentials with others only when absolutely necessary. When in-person exchanges aren’t possible, you should use the phone instead of email, and only if you personally recognize the person you are talking to.
· Changing passwords on a regular basis.
Transfer data securely
Transferring data introduces security risk. You must:
· Consider using encrypted email.
· Avoid transferring confidential or sensitive data (e.g., customer information, employee records) to other devices or accounts unless absolutely necessary. When a large transfer of such data is necessary, you must contact the IT HelpDesk for help.
· Share confidential data over the company network/system and not over public Wi-Fi or a private connection.
· Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
Report scams, privacy breaches and hacking attempts
The IT HelpDesk needs to know about scams, breaches and malware so they can better protect Steiner Electric’s infrastructure. For this reason, you must report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists.
The IT HelpDesk is responsible for advising you on how to detect scam emails. Steiner Electric encourages employees to reach out to them with any questions or concerns.
Additional measures
To reduce the likelihood of security breaches, you should:
· Turn off your screens and lock your devices when leaving your desk.
· Report stolen or damaged equipment as soon as possible to the IT Security team.
· Change all account passwords at once when a device is stolen.
· Report a perceived threat or possible security weakness in company systems.
· Refrain from downloading suspicious, unauthorized or illegal software on company equipment.
· Avoid accessing suspicious websites.
We also expect you to comply with our social media and computer/internet usage policies.
The IT HelpDesk will be responsible for:
· Installing firewalls, anti-malware software and access authentication systems.
· Arranging security training for all employees.
· Informing employees regularly about new scam emails or viruses and ways to combat them.
· Investigating security breaches thoroughly.
Consequences of noncompliance
If you fail to take necessary security precautions, you may be subject to discipline, up to and including termination of employment.