Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute by being vigilant and keeping cybersecurity in mind. The more technology we rely on to collect, store and manage information, the more vulnerable we become to serious security breaches. Human errors, computer hacks and system disruptions can cause significant financial damage and damage our company`s reputation. In short and simple, this free cybersecurity policy model was created by Emma Osborn (of OCSRC Ltd)to help small businesses create their first cybersecurity policy document. Data transfer poses a security risk. University staff are not obligated to sign this agreement, but the Committee urges each department to consider adopting this agreement, if necessary, and to establish an internal process in which staff members can certify it both at the time of recruitment and on an annual basis. If this agreement does not exactly meet the specific needs of the departments, directors should discuss the changes with the Office of General Counsel. The policy has three main components.

Firstly, the introduction of the directive puts the document in context, contains important information on contacts and identifies the role of workers and contractors. Second, the directive sets out specific cyber security requirements that all staff should meet. These requirements include passwords, circumvention of security measures, notification of security breaches, use of non-business-related devices for connection with enterprise systems, software installation and risky internet behavior. Third, the policy identifies the types of measures that will constitute system abuse – which may constitute a disciplinary issue. In addition, employees who are observed as not complying with our safety guidelines face progressive discipline, even if their behaviour has not resulted in a safety violation. We expect all of our employees to always comply with this directive, and those who cause security breaches may face disciplinary action: when employees use their digital devices to access emails or corporate accounts, they pose a security risk to our data. We recommend that our employees keep their personal and company-exposed computers, tablets and mobile phones safely. They can do it if they do: that is why we have implemented a number of security measures.