Cyber Security Policy
WHAT IS THE PURPOSE OF A CYBER SECURITY POLICY?
Cybercrimes are becoming more widespread within all industries, making cyber security a top priority. Consequently, there has been a rapid increase in various cyber laws.
Through this Cyber Security Policy, Hatrix Recruitment aims to protect its own data and the data of its clients, employees, and job seekers. This policy applies to internal stakeholders such as staff members, employees, job seekers, and anyone else who has authorised access to Hatrix Recruitment’s systems, software, and/or hardware. It establishes guidelines, procedures and best practices to protect data from unauthorised access. Additionally, Hatrix Recruitment wishes to demonstrate to external stakeholders, for example clients, contractors and suppliers, its commitment to security and compliance.
WHAT TYPE OF DATA IS CONFIDENTIAL?
Confidential data includes, but is not limited to:
- Classified financial information
- Client data
- Employee and job seeker personal information
- Data about partners
- Data about vendors
- Patents, formulas, or new technologies
HATRIX RECRUITMENT AND USER RESPONSIBILITIES
Hatrix Recruitment has a responsibility to ensure staff members have a thorough knowledge of cyber security and to provide regular security awareness training programs covering topics such as:
- Introduction to cyber security - what it is, why it is important, and the potential impacts of security breaches on individuals and the company.
- Threat awareness - educate staff about common threats such as phishing, malware, social engineering and ransomware, and how to recognise suspicious emails, links and attachments.
- Password security - emphasise the importance of strong passwords, the avoidance of password reuse, and the benefits of multi-factor authentication.
- Email and communication security - teach staff to identify suspicious emails, verify email senders, be cautious of email attachments, and avoid sharing personal and/or sensitive information through unsecured channels.
- Secure internet and web browsing - instruct staff on safe web browsing practices, avoiding suspicious links or pop-ups, and ensuring downloaded files come from trusted sources only.
- Data classification and handling - explain the importance of data classification and how sensitive and confidential information should be handled. Provide training on data privacy regulations, secure data storage, and appropriate data sharing practices.
- Reporting security breaches - provide clear instructions on how to report security incidents or suspected breaches. Outline the incident response process, including who to contact and the importance of timely reporting.
- Working remotely - address the security considerations and best practices for employees working remotely or using their personal devices for work purposes, and provide guidelines for protecting sensitive data outside the office environment.
Staff members of Hatrix Recruitment have a responsibility to:
- Follow the cyber security policies and guidelines provided.
- Protect their login credentials and not share them with unauthorised individuals.
- Use strong passwords and change them regularly.
- Be vigilant for email scams, suspicious links, downloads, or other potential security threats.
- Report security incidents and suspected vulnerabilities immediately.
ACCESS CONTROLS
Staff member access to information systems and data is based on job roles and responsibilities. Staff without a requirement to access a system or data will not be granted access. Management will regularly review and approve staff member access.
Where access to personal or sensitive information is required, multi-factor authentication mechanisms have been implemented.
Logging in to any of Hatrix Recruitment’s accounts from personal devices such as mobile phones, tablets, or laptops can put company data at risk. Hatrix Recruitment does not recommend accessing any company data from personal devices. Where it is required, staff members are obligated to keep their devices in a safe place where they are not accessible to anyone else. Employees are recommended to follow these best practices:
- Keep the passwords of all electronic devices secured and protected.
- Log into accounts only through secure networks.
- Install security updates on a regular basis.
- Update antivirus software on a regular basis.
- Never leave your devices unprotected or exposed.
- Lock your computer when leaving your desk.
- Follow the Cyber Security Policy.
EMAIL AND WEB BROWSER SECURITY
Emails can carry scams or malicious software (for example worms, viruses, etc.). To avoid virus infection or data theft, our policy is to always instruct employees to:
- Refrain from opening attachments or clicking any links when the email's content is not clearly explained.
- Always check the email addresses and names of senders.
- Look for inconsistencies.
- Be careful with clickbait titles (for example those offering prizes, advice, etc.).
If an employee is unsure whether a received email, or any other data, is safe, they should always contact the Hatrix Recruitment office.
PASSWORD MANAGEMENT
To reduce the risk of account passwords being compromised, follow these best practices when setting up passwords:
- Use complex passwords of at least 8 characters (containing a combination of upper- and lower-case letters, numbers, and symbols).
- Do not write down passwords and leave them unprotected.
- Do not share credentials unless requested or approved by your Manager/Supervisor.
- Change passwords every 3 months.
BREACH & INCIDENT RESPONSE
If a staff member becomes aware of a security threat or incident, they should report it immediately to the Director/s. The incident is to be documented and investigated promptly, and appropriate actions taken to mitigate the impact of the security incident and prevent recurrence.
When best practices and/or the policy are not followed, disciplinary action against the offending staff member will be initiated. Anyone who disregards the policies will face progressive discipline and/or termination of employment. Disciplinary action includes:
- Evaluation of each incident.
- Assessment of the intent of each case or incident.
- In case of breaches that are intentional or repeated, and are harmful to Hatrix Recruitment, serious actions including termination may occur.
REPORTING A CYBER BREACH
Reporting a cyber breach to Hatrix’s Managed Service Provider (Aliva) and the management team is crucial for a swift and effective response. Time is crucial in mitigating potential damage, so as soon as you suspect or identify a cyber breach:
- Act promptly.
- Clearly identify and document the details of the breach. Note the date, time, and any specifics regarding the incident.
- If it is safe to do so, isolate affected systems to prevent the spread of the breach.
- Gather evidence related to the breach. This may include screenshots, error messages, or any other relevant information.
Once the evidence is collected, email Aliva at helpdesk@avliva.com.au or call 1300 134 090.
In your email or ticket, use a clear subject line that indicates the urgency and nature of the report, for example: "URGENT: Cyber Breach Report – Hatrix Recruitment." In the body of your communication, provide a detailed description of the breach, including the affected systems, potential causes, and any actions already taken.
DATA TRANSFER, BACKUP & RECOVERY
Data transfer is one of the most common points at which cybercrime occurs. Follow these best practices when transferring data:
- Avoid transferring personal or sensitive data.
- Adhere to personal data protection law.
- Data may only be shared over company networks.
Regular data backups are performed and tested to ensure data can be restored in case of a data loss event. Backups are stored securely offsite.
NETWORK SECURITY
Hatrix Recruitment engages a third party to oversee and manage network and data security. That party is responsible for implementing firewalls and intrusion detection systems to protect Hatrix Recruitment’s network from unauthorised access and malicious activity, and for regularly reviewing and updating the rulesets of those protections.