Introduction
Safeguarding the security of our systems and data is of paramount importance. Every user has a role to play in maintaining a secure environment.
This document outlines the responsibilities of the Administrative team for maintaining security and it provides tips for contributing to Tovuti’s overall security posture.
User Responsibilities
- Password Management
- Create Strong Passwords: Choose complex passwords that include a combination of upper and lower-case letters, numbers, and special characters. Avoid easily guessable information like birthdays or common words.
- Password Confidentiality: Keep your passwords confidential. Do not share them with anyone, including colleagues or family members.
- Regular Password Changes: Change your passwords regularly, as required by company policy. Never use the same password for multiple accounts.
- Enable Multi-Factor Authentication (MFA): Whenever possible, enable MFA for your accounts to add an extra layer of security.
- Device Security
- Lock Your Device: Lock your computer, smartphone, or tablet when not in use. Use a strong PIN, password, or biometric authentication.
- Install Security Updates: Keep your operating system, software, and apps up to date with the latest security patches and updates.
- Install Authorized Software: Only install software and apps approved by IT or your manager. Avoid downloading and installing software from untrusted sources.
- Data Handling
- Access Control: Only access data and systems that are necessary for your job responsibilities. Do not attempt to access unauthorized data or systems.
- Protect Sensitive Information: Treat sensitive and confidential information with care. Use encryption when sending sensitive data via email or other communication channels.
- Data Backup: Regularly back up your work and important data. Ensure backups are stored securely and are accessible when needed.
- Email and Communications
- Beware of Phishing: Be cautious of unsolicited emails, especially those asking for personal or financial information. Verify the sender's authenticity before clicking on links or downloading attachments.
- Report Suspicious Activity: If you suspect a phishing attempt or any other security incident, report it to IT or your supervisor immediately.
- Physical Security
- Secure Workstations: Lock your computer when you step away from your desk. Ensure that sensitive documents and devices are not left in plain view.
- Access Control: Do not let unauthorized individuals into secure areas or data centers. Report any suspicious activity to security personnel.
- Training and Awareness
- Stay Informed: Attend security training sessions and stay informed about security policies and best practices.
- Reporting Security Incidents: If you witness or suspect a security incident, promptly report it to the IT department or the designated security contact.
- Compliance with Policies
- Adhere to Company Policies: Familiarize yourself with and adhere to all company policies related to security. Non-compliance may result in disciplinary action.
Conclusion
Commitment to these security responsibilities is vital in protecting learning assets, data, and the reputation of both Tovuti and their customers.
By working together, we can maintain a secure and resilient environment for all users.