Chapter 1, page 14:
Does your workplace have documented policies and
procedures for ensuring the security of people, places, and
data?
I work at a civil engineering company, and we do have
documented policies and procedures in place to ensure the
security of our clients and employees, offices, and our data.
All employees are required to have a chosen 4-word
passphrase for their computer access. Those who work
remotely are required to use FortiClient, a secure VPN to input
our SSO login credentials with two factor authorization for
added security to access our companies V-Drives. We have
monthly IT modules and safety emails sent out to all staff and
are required to read and acknowledge. These modules outline
proper procedures regarding how to protect access to data by
locking computers, changing our passphrases every six
months, multi-factor authentication, and cyber security
quizzes that keep us all up to date on new cyber hacking
efforts. Our IT department has been very proactive in pushing
out numerous training modules to keep our employees up to
date regarding cyber security, phishing, data leaks and
discussing confidential information regarding project details.
These modules are a great way to stay up to date and aware
of our cyber-safety within the office as well as outside the
workplace.
