Policy Brief and Purpose
Away Together is a mobile application that connects the travel industry through guest to guest messaging as well as resort and business notifications. This cyber security policy outlines our guideline and provisions for preserving the security of our data and technology infrastructure.The Chief Operating Officer is responsible for this policy and ensuring its’ compliance as well as a bi- monthly review to ensure relevance.With a vast reliance on technology to collect, store, transmit and manage information, a company can be vulnerable to human error, hacker attempts and/or system malfunction. Away Together has implemented several security measures to prevent against these and other issues. To assist in mitigating these risks, the following provisions are outlined.
This policy applied to all Away Together employees, contractors, volunteers, interns and/or anyone who has permanent or temporary access to our systems and/or hardware.
Confidential data is secret and valuable. Common examples are:
All employees are obliged to protect this data. In this policy, Away Together will give our employees instructions on how to avoid security breaches.
Protect Personal and Company Devices
When employees use their digital devices to access company emails or accounts, they introduce a security risk. Away Together advises employees and clients to keep their personal and company-issued technology secure. They shall:
- Unpublished financial information
- Data of customers/partners/vendors
- Patents, formulas, code or new technologies and/or ideas
- Customer lists (existing and prospective)
- Strategies in either written or oral form
- Trade secrets
- Personal information of clients (end users, accommodations, supporting businesses)
Away Together also advises that employees and clients should avoid accessing internal systems and accounts from other people’s devices or lending their own device to others.
When new hires receive company-issued equipment/technology, they will
receive instructions for:
- Keep all devices password protected.
- Choose and upgrade a complete antivirus software.
- Ensure they do not leave their devices exposed or unattended.
- Install security updates of browsers and systems monthly, or as soon as updates are available.
- Log into company accounts and systems through secure and private networks only.
All employees should follow instructions to protect their devices.
Keep Emails Safe
Emails often host scams and malicious software. To avoid virus infection or data theft, Away Together instructs employees and clients to:
- Password management
- Installation of antivirus/anti-malware software
If an employee is unsure if an email is safe, the policy is simple – do not open or access the email.
Manage Passwords Properly
Password leaks are dangerous and can compromise the organization. Away Together advises employees and clients to:
- Avoid opening unknown emails and attachments and accessing the links
- Be suspicious of clever, clickbait titles (ie. prize offering)
- Check email and names of people they receive a message from to ensure legitimacy
- Look for inconsistencies or giveaways
Transfer Data Securely
Transferring data introduces security risk. Employees must:
- Choose passwords with at least eight (8) characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (ie. birthdays).
- Remember passwords instead of writing them down or storing them on a personal device. If a person needs to write information down, do so in a manner that does not list all information.
- Change passwords every sixty (60) days.
To reduce the likelihood of security breaches, Away Together also instruct employees to:
- Avoid transferring sensitive data (ie. customer information, employee records) to other devices or accounts unless necessary.
- Share confidential data over the company network/system and not over public Wi-Fi or private connection.
- Ensure that the recipient of the data are properly authorized people or organizations and have adequate security policies.
- Report scams, privacy breaches and hacking attempts.
Away Together also expects our employees to comply with our social media and internet usage policy.Cyber security on our external drive is fully managed by and by __ on the company owned laptops.
Remote employees have no exceptions to this policy.
Away Together expects all employees to abide by rules and regulations. Those who put the company at risk for a data or security breach may face disciplinary action:
- Turn off their screens and lock their devices when leaving their desks.
- Report stolen or damaged equipment as soon as possible to the COO.
- Change all account passwords immediately if a device is lost or stolen.
- Report a perceived threat or possible security weakness in company systems to the COO.
- Refrain from downloading suspicious, unauthorized, or illegal software on their company equipment.
- Avoid accessing suspicious websites.
The COO will lead the process in investigating any and all security and safety breaches.
Take Security Seriously
Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We all must remain vigilant and keep cyber security top of mind.
- First time, unintentional, small scale security breach: Away Together may issue a verbal warming and re-train the employee on security policies and procedures.
- ntentional, repeated or large scale breaches (which cause severe financial or other hardship/damage): Away Together will invoke a more severe disciplinary action, up to and including termination, after an investigation.