CYBER SECURITY POLICY 

As a virtual business, Careers Collective takes online security very seriously. Cyber security is a real and present threat.

Good cyber security relies on: 

● Robust internet management: browser security, email security, mobile security and cloud security, secure data transmissions and strong passwords 

● Network security, covering the technology, processes and devices used: all hardware, data and software

All require human interaction to ensure the correct protocols are active and maintained.

To minimise threats, all employees are instructed to put in place specific procedures regarding cyber security and GDPR. These protect themselves, Vitruvia, our clients, our customers and our reputation from attacks, which are distressing and impact on everyone’s business and personal security.

Device Security 

It is vital that employees maintain the security of their devices, whether issued by the company or used under Bring Your Own Device (BYOD).

To achieve this: 

● All devices are to be protected with an adequate password (see password management below) 

● All BYOD to have a second user installed for work purposes 

● Devices to be updated with the latest software releases and patches

● Devices to be locked when not in use or unattended 

● Adherence to company policy regarding the installation of third-party applications and personal use 

● Employees to take responsibility for devices


Personal Devices 

If personal devices need to be used to access work information, it is important that users adhere to the following guidance:

● Personal devices must be password protected in line with password management guidance 

● Employees to carry out only permitted tasks on a personal device 

● Devices must have full anti-virus software installed, with all of the latest updates applied

● Only make use of secure and private networks to log into company systems

● Ensure devices are secured and not left unattended at any time 

Email Security  

A significant number of cyber-attacks are launched via a technique known as phishing, and one of the most common ways to deliver a phishing attack is via email. Ensuring email security is the first line of defence against becoming a victim of this type of attack.

Actions for employees to take when it comes to email security include:

● Verifying the legitimacy of an email – is it from who it suggests it is from?

● Avoid opening attachments or clicking on suspicious links included in emails

● Don’t open emails with clickbait titles 

● Look for any significant errors relating to grammar in emails. These can be signs of malicious activity 

● Report any suspicious emails 

Password management

Passwords are the first line of defence for robust security.

Password Management policy: 

● Passwords must be changed regularly. Careers Collective’s company diary has dates in it to ensure these changes are implemented by one of the two Directors

● Passwords should be a minimum of 8 characters in length and include numbers, letters and symbols

● Phrases or several words are preferable 

● Do not use common passwords or one-word passwords 

● Do not reuse your company password for non-work-related purposes

● Use multi-factor authentication wherever it is possible

● Do not share passwords with another employee

● You must have an individual account for any company applications or systems that you use 

● Do not write passwords down. Make use of a password management tool 

Secure Data Transfer

Our Data and information security policy details the steps required of employees when it comes to data transfer. Not only will this help from a cyber security perspective, it will also help fulfil our data protection duties under GDPR.

There are risks associated with transferring confidential data internally or externally.

To minimise these risks: 

● Only transfer confidential data to other employees or third parties when absolutely necessary 

● Verify information relating to the recipient and ensure that they have sufficient security measures in place on their side before sending the data

● Gain sign-off from a director for the data transfer

● Ensure that data transfers take place in accordance with GDPR and any confidentiality agreements which may be in place 

● Do not transfer data overseas 

Employees 

Cyber security and GDPR training is offered for all employees 

Written by Sally Everist July 2022

Reviewed: 21st June, 2025 
