1. Risk Management
We regularly identify and assess potential cyber risks through periodic internal reviews. This includes evaluating external threats (e.g. phishing, malware), internal risks (e.g. unauthorized access), and software vulnerabilities. Identified risks are prioritized based on their potential impact and likelihood, and we implement appropriate technical and procedural controls accordingly.
2. Secure Configuration
We ensure all software and systems are securely configured by:
o Disabling or removing unused services and default settings.
o Keeping all systems (OS, applications, CMS) updated with the latest patches.
o Using secure passwords and encryption protocols for databases and admin panels.
o Regularly scanning for known vulnerabilities and addressing them promptly.
3. Home and Mobile Working
For staff working remotely:
o Access is restricted via secured VPNs and multi-factor authentication (MFA) where applicable.
o Company devices are secured with firewalls and up-to-date antivirus protection.
o Staff are trained to avoid using public Wi-Fi for sensitive work and to protect physical documents and devices from theft or loss.
4. Incident Management
We have a basic incident response procedure in place, which includes:
o Regular backups stored both locally and on secure cloud storage.
o A defined process for isolating infected systems and restoring operations quickly.
o Documentation and review of incidents to improve future response.
5. Malware Prevention
o Anti-malware software is installed and updated on all company devices.
o Staff are educated about phishing emails, unsafe downloads, and suspicious links.
o Email filters are in place to block known threats and spam.
6. Managing User Access
o Access is granted strictly on a “need-to-know” basis.
o Each staff member has a unique login with appropriate role-based permissions.
o User accounts are reviewed periodically and deactivated immediately upon exit.
7. Monitoring
o All systems are monitored for unusual activity using logs and internal audit tools.
o Alerts are set up for unauthorized login attempts and data transfers.
o Regular reviews of access logs help us detect anomalies early.
8. Network Security
o Firewalls and routers are properly configured to protect internal systems.
o All network devices use strong passwords and secure communication protocols (e.g., HTTPS, SSH).
o Wi-Fi networks are encrypted (WPA2/WPA3), and guest access is isolated from the main network.