CYBER SECURITY POLICY

CYBER SECURITY POLICY


NMNTI's cyber security policy preserves the security of our data and technology infrastructure.

NMNTI relies more and more on technology to collect, store, and manage information. Hence, we have become more vulnerable to severe security breaches. Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardize NMNTI's reputation. For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks.

This policy applies to all NMNTI employees, contractors, and anyone who has permanent or temporary access to our systems and hardware.

Policy elements

Confidential Data

Confidential data is secret and valuable, which can be:

  • Unpublished financial information
  • Data of customers/partners/vendors
  • Patents, formulas, or new technologies
  • Customer lists (existing and prospective)

All NMNTI employees are obliged to protect this data. In this policy, we discuss how NMNTI will avoid security breaches.

Protect Personal and Company Devices

When NMNTI staff use their digital devices to access company emails or accounts, they can introduce security risks to their data. Therefore, we ask our staff to keep both their personal and company-issued computer, tablet and cell phone secure. They will have to:

  • Keep all devices password protected.
  • Choose and upgrade complete antivirus software.
  • Ensure they do not leave their devices exposed or unattended.
  • Install security updates of browsers and systems monthly or as soon as updates are available.
  • No external USBs are inserted into any device.
  • Log into company accounts and systems through secure and private networks only. We also advise our staff to avoid accessing internal systems and accounts from other people's devices or lending their own devices to others.

Keep Emails Safe

Corporate emails are powerful tools that help our staff in their jobs. NMNTI staff will use their company email primarily for work-related purposes. However, we want to provide employees with some freedom to use their emails for personal reasons.

Email is often the medium of hacker attacks, confidentiality breaches, viruses, and other malware. These issues can compromise NMNTI's reputation, legality, and security of our equipment.

Email Security

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won't be easily hacked, but they should also remain secret. For this reason, NMNTI employees must:

  • Select strong passwords with at least eight characters (capital and lower-case letters, symbols and numbers) without using personal information (e.g., birthdays.)
  • Remember passwords instead of writing them down and keeping them secret. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done.
  • Exchange credentials only when necessary. When exchanging them in person isn't possible, employees should prefer the phone instead of email, and only if they personally recognize the person they are talking to.
  • Change their passwords every few months.

To avoid virus infection or data theft, we instruct NMNTI employees to:

  • Avoid opening attachments and clicking on links when the content is not adequately explained (e.g., "Watch this video; it's amazing.”)
  • Be suspicious of clickbait titles (e.g., offering prizes, advice.)
  • Check the email and names of people they received a message from to ensure they are legitimate.
  • Look for inconsistencies or giveaways (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks.)
  • Keep their anti-malware programs updated.

If an employee isn't sure that an email they received is safe, they should not open it. They can check with the management.

Email Signature

NMNTI encourages employees to create an email signature that exudes professionalism and represents the company well. Salespeople and executives who represent our company to customers and stakeholders will pay special attention to how they close emails. An acceptable email signature can be as follows:

[Employee Name]

[Employee Title], [Company Name with link]

[Phone number] | [Company Address]

Employees can also include professional images, company logos and work-related videos and links in email signatures.

Transfer Data Securely

Transferring data can introduce a security risk. Employees must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary.
  • Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  • Report scams, privacy breaches and hacking attempts.

NMNTI's IT specialist will need to know about any scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails, or phishing attempts as soon as possible to our specialist. Our IT specialist will investigate promptly, resolve the issue and send a company-wide alert when necessary.

Our Security Specialist is responsible for advising employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns.

Additional Measures

To reduce the likelihood of security breaches, we also instruct our employees to:

  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible to [HR/ IT Department].
  • Change all account passwords at once when a device is stolen.
  • Report a perceived threat or possible security weakness in company systems.
  • Refrain from downloading suspicious, unauthorized, or illegal software on their company equipment.
  • Avoid accessing suspicious websites.

NMNTI's security specialist will:

  • Install firewalls, anti-malware software and access authentication systems.
  • Arrange security training for all employees.
  • Inform employees regularly about new scam emails or viruses and ways to combat them.
  • Investigate security breaches thoroughly.
  • Follow this policy's provisions as other employees do.

NMNTI will have all physical and digital shields to protect information.

Disciplinary Action

All our employees are expected to always follow this policy, and those who cause security breaches may face disciplinary action:

  • For unintentional small-scale security breaches, we may issue a verbal warning and train the employee in security.
  • For intentional, repeated, or large-scale breaches (which cause severe financial or other damage), we may invoke more severe disciplinary action up to and including termination. We will examine each incident will be examined on a case-by-case basis.

Take Security Seriously

 Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.
Insert Image
>