1. Introduction & Policy Statement 

Heckford Printers Limited t/a Heckford Advertising’s Cyber Security Policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. 

As we become more reliant on technology to collect, manage and store information, we become more vulnerable to security breaches. Human errors, hacker attacks and system malfunctions can cause great financial damage and can jeopardize our Company’s reputation. 

For this reason, we have implemented a number of security measures, and have detailed instructions which will reduce security risks. Both are outlined in this Policy. 

2. Scope 

This Policy applies to all our employees and contractors and anyone who has permanent or temporary access to our systems and hardware. 

3. Policy elements 

3.1 Confidential Data 

Confidential data is secret and valuable. Common examples are: 

  • Unpublished financial information 
  • Client lists (existing and prospective) 
  • Data of Clients / employees / suppliers 
  • Patents, formulas or new technologies 

All employees are obliged to protect this data. This Policy gives all employees instructions on how to avoid security breaches. 

3.2 Protect personal and Company devices 

When employees use their digital devices to access Company emails or accounts, they can introduce security risks to our data. We advise our employees to keep both their personal and Company-issued computer, tablet and cell phone secure. They can do this by: 

  • Keeping all devices password protected 
  • Choosing and upgrading antivirus software. 
  • Ensuring they do not leave their devices unattended. 
  • Installing security updates of browsers and systems monthly or as soon as updates are available. 
  • Logging into Company accounts and systems through secure and private networks only. 

Employees are also advised to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others. 

When a new employee starts and is provided with Company-issued equipment, they will receive instructions for: 

  • Password management setup 
  • Installation of antivirus / anti-malware software, if not already installed 

They should follow all instructions to protect their devices and refer to our IT personnel if they have any questions. 

3.3 Keep emails safe 

Emails often host scams and malicious software like viruses. To avoid virus infection or data theft, employees must: 

  • Avoid opening attachments and clicking on links when the content is not adequately explained (e.g. “watch this video, it’s amazing.”) 
  • Be suspicious of clickbait titles (e.g. offering prizes, advice.) 
  • Check the email addresses and names of the people they received a message from to ensure they are legitimate 
  • Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks.) 

If an employee isn’t sure whether an email they have received is safe, they can refer to our IT personnel. 

3.4 Manage passwords properly 

Password leaks are dangerous as they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, our employees must: 

  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays.) 
  • Remember passwords instead of writing them down. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it if / when their employment ends. 
  • Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t possible, employees should prefer the phone instead of email, and only if they personally recognize the person they are talking to. 
  • Change their passwords every two months. 

3.5 Transfer data securely 

Transferring data can introduce security risks. Employees must: 

  • Avoid transferring sensitive data (e.g. Client information, employee records) to other devices or accounts unless absolutely necessary. When a mass transfer of such data is needed, we request employees ask our IT personnel for help. 
  • Share confidential data over the Company network / system and not over public Wi-Fi or a private connection. 
  • Ensure that the recipients of the data are properly authorized people or organisations and have adequate security Policies in place. 
  • Report scams, privacy breaches and hacking attempts 

Our IT personnel need to know about any scams, breaches and malware so they can better protect our infrastructure. For this reason, our employees must report perceived attacks, suspicious emails or phishing attempts as soon as possible to our IT personnel, who will promptly investigate, resolve the issue and send a Companywide alert, if necessary. 

Our IT personnel are responsible for advising employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns. 

3.6 Additional measures 

To reduce the likelihood of security breaches, employees must: 

  • Turn off their screens and lock their devices when leaving their desks 
  • Report stolen or damaged equipment as soon as possible to our IT personnel 
  • Immediately change all account passwords if a device is lost or stolen 
  • Report a perceived threat or possible security weakness in our Company systems 
  • Refrain from downloading suspicious, unauthorised or illegal software on Company equipment 
  • Avoid accessing suspicious websites. 

We also expect all employees to comply with our Social Media and Internet Usage Policy. 

Our IT personnel will: 

  • Install firewalls, anti-malware software and access authentication systems. 
  • Arrange security training for all employees. 
  • Regularly inform employees about new scam emails or viruses and ways to avoid or combat them. 
  • Investigate security breaches thoroughly. 
  • Follow this Policy’s provisions as other employees do. 

Our Company will have physical and digital shields to protect information. 

3.7 Remote employees 

Remote employees must follow this Policy’s instructions too. As they will be accessing our Company’s systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure. 

We encourage you to seek advice from our IT personnel before you are due to work remotely. 

4. Disciplinary Action 

We expect all our employees to always follow this Policy, but anyone who causes any security breaches will face disciplinary action: 

  • First-time, unintentional, small-scale security breach: We may issue a verbal warning and train the employee on security. 
  • Intentional, repeated or large-scale breaches (which cause severe financial or other damage): We will invoke more severe disciplinary action up to and including termination. We will examine each incident on a case-by-case basis. Additionally, employees who are observed to disregard our security instructions will face progressive discipline, even if their behaviour hasn’t resulted in a security breach. 

TAKE CYBER SECURITY SERIOUSLY 

Everyone, from Clients and suppliers to our employees, should feel that their data is safe and the only way to gain trust in this regard is to proactively protect our systems. We can all contribute to this by being vigilant and by keeping Cyber Security in mind. 

27th January 2025