Page 17 - Employee Handbook
P. 17

EMPLOYEE HANDBOOK
                                                                                                Version 2025.10.28



                   •   Employees must avoid storing sensitive data on personal devices or unapproved cloud services.
                   •   Employees must not share or disclose passwords, encryption keys, or access credentials unless authorized by
                       the IT Department.

              Cybersecurity Awareness and Training
                   •   The Company will provide cybersecurity training to all employees to ensure they understand common threats,
                       such as phishing, malware, and social engineering, and how to avoid them.
                   •   Employees  are  required  to  complete  bi-annual  cybersecurity  training  and  assessments  to  stay  updated  on
                       evolving threats and security practices.

              Incident Reporting and Response
                   •   Employees must report any suspicious activities, security incidents, or data breaches to the IT Department
                       immediately.
                   •   The Company has an incident response plan in place that includes steps for containment, investigation, and
                       remediation of security incidents. Employees are expected to cooperate fully with the IT Department during
                       incident investigations.

              Email and Internet Use
                   •   The Company’s email system is to be used for business purposes only. Employees must not send or receive
                       sensitive data via unsecured methods (e.g., unencrypted email or third-party file-sharing platforms).
                   •   Employees must avoid opening email attachments, links, or downloads from unknown or suspicious sources.
                   •   Internet usage should be limited to work-related activities. The Company reserves the right to monitor internet
                       usage to ensure compliance with this policy.

              Mobile Device Security
                   •   Employees  who  use  mobile  devices  for  Company  work  must  adhere  to  the  Company’s  mobile  device
                       management (MDM) policies.
                   •   Mobile devices must be password-protected, encrypted, and equipped with the necessary security software
                       (e.g., antivirus, VPN).
                   •   Lost or stolen mobile devices must be reported to the IT Department immediately to disable access to Company
                       systems.
              Remote Work and VPN
                   •   Employees  working  remotely  must  use  the  Company’s  approved  Virtual  Private  Network  (VPN)  to  access
                       Company systems securely.
                   •   Employees should ensure their home or remote work devices are secured with up-to-date antivirus software
                       and a secure internet connection.

              Physical Security
                   •   Company  devices  should  not  be  left  unattended  in  public  places.  When  working  remotely  or  in  public,
                       employees should ensure that devices are physically secured.
                   •   Employees must lock their computers when not in use and secure physical access to confidential documents.

              Third-Party Service Providers
                   •   All third-party vendors with access to Company systems or data must comply with the Company’s cybersecurity
                       policies and undergo a security risk assessment prior to engagement.





                                                             17
   12   13   14   15   16   17   18   19   20   21   22