CYBERSECURITY POLICIES AND PROCEDURES
Secure Use of Email and Defense Against Viruses
Users must be constantly vigilant against the threat of malicious code in the form of viruses.
In order to minimize the risk of introducing a virus to the network please follow the following code of practice:
- Don’t open attachments unless you know they are from a reliable source
- Always scan files from outside the organization before storing them on the network
- Ensure your virus-scanning software is working correctly
- Always report any virus-related messages you encounter to Shehu Asset Management, LLC.
- Don’t download unauthorized software or files from the Internet
Use of Passwords
The security of some of our data is only as strong as the password used to protect it. When creating a password try to make it as strong and un-guessable as possible. In particular:
• Make it at least 8 characters long
• Use numbers as well as letters
• Don’t use publicly-available information associated to you (name, children’s names, date of birth)
• Change your password at least every 30 days and more often if you think it has been compromised
• Never share your password with anyone else including staff, third parties or even us
• Don’t write your password down
• Use different passwords for different key systems where possible
Staying Secure When Offsite
Employees travelling on business are responsible for the security of information in their custody.
Employees should not take classified data offsite unless there is a valid reason to do so.
Whilst offsite:
• Don’t leave laptops or other portable IT equipment in an unattended vehicle
• Don’t advertise the fact that you have a device in your possession
• Ensure devices are protected from unauthorized access e.g. password
Physical Security
When locating computers and other hardware, suitable precautions are to be taken to guard against the environmental threats of fire, flood and excessive ambient temperature / humidity.
All employees are to be aware of the need to challenge strangers on the organization’s premises.
Due consideration must be given to the secure storage of paper documentation containing classified information e.g., customer files.
Reporting a Security Incident
All suspected Information Security incidents must be reported promptly to Shehu Asset Management, LLC.
Please provide the following information as a minimum when logging a Security incident:
• Name
• Department
• Contact Number
• Asset Number (if appropriate)
Description of the incident
• Current and/or potential impact
e.g., number of staff affected
Above all please think about what you are going to say, how will you explain your problem etc.
It is the responsibility of the user to:
• notify Shehu Asset Management, LLC immediately of any actual or potential breach of security
• record any information which may assist in the investigation of the incident (e.g. error messages)
• adhere to procedures when logging an incident
• remain courteous to the officers dealing with the incident
• request escalation if required by following the appropriate procedure
• adhere to policies and procedures relating to IT use, equipment maintenance and security
• Log out of the network and /or specific systems promptly when requested to do so
Printing Classified Information
Classified information should not be sent to an insecure, unattended printer where it may be seen or picked up by unauthorized people.
Where necessary, use the PIN protection facility on Multi-Function Devices provided.
Transferring Data Outside the Organization
Where appropriate, classified information or data should always be transmitted in encrypted form.
Prior to sending information to third parties, not only must the intended recipient be authorized to receive such information, but the procedures and Information Security measures adopted by the third party must be seen to continue to assure the confidentiality and integrity of the information.
If in doubt, please contact us for advice.
Sam Shehu at Shehu Asset Management, LLC 