- The identity of a client is always confirmed by staff before providing any personal data or taking instruction over the telephone.
- All staff are responsible for ensuring that any personal data which they hold is kept securely and that personal information is not disclosed either orally or in writing or otherwise to any unauthorized third party.
- All staff have access to system and shared drives which contain general documents. Access is restricted for sensitive documents as appropriate and which are password protected.
- Access to IT system of the company is restricted to staff based on their job profile. Staff access is reviewed and amended as and when necessary.
- The use of company laptops is restricted to specific individuals for the purpose of client presentations only. All individuals permitted to use laptops are aware that these must be used and secured appropriately. Following measures must be adhered to ensure safe keeping of laptops and data it contains:
- Ensure that the most up-to-date virus and malware protection products are installed
- Always use a strong password to protect your computer
- Use a password protected screen-saver
- Avoid leaving your laptop unattended and unsecured
- If leaving your laptop in a hotel room, use the room safe or lock it securely to an immovable object
- Do not connect laptops to any public network (public WIFI networks)
- If your laptop is lost or stolen, contact the IIB office for assistance
- The Insurance application will be accessed through encrypted htttps:// pages. User credentials will be stored in a secure local database and login will be through secure domain authentication.
- Data will be stored at a local server located at IIB office. This will be located in dedicated server room. As part of contingency plan in case of catastrophic event, data will be backed up real-time basis in a separate dedicated server by IIB.
- All servers, desktops, and laptops, would be secured by McAfee anti-virus protection.
- SonicWall Total Secure UTM for Internet Gateway Security to protect the entire network.
- Veeam Backup and Replication for Scheduled backups of all servers and user data.
- Each computer held onsite can only be accessed by a password which is individual for that person. We do not use a ‘common’ password. Where a member of staff leaves the company, their access is suspended. Employees are encouraged to set up password as per following guidelines:
- Be at least eight characters long
- Passwords may not contain words found in a dictionary
- Must NOT be anything easily associated with you (for instance, information someone could learn about you from Facebook) such as
- Your user id
- Your name
- Your phone number
- Your address
- Your pet’s name
- Your birthday
- Friends or family member names or birthdays
- Any other information that can be easily found about you
- Must include three of the following four elements
- Upper case letters
- Lower case letters
- Digits
- Punctuation
- Must not be shared with anyone, including your colleague(s).
- An anti-virus protection package is installed on all computers held onsite, which provides daily protection against viruses.
- Staff are required as best practice to lock their computer when they leave their workstation.