Cyber Policy
1. Purpose
This Cybersecurity Policy outlines the measures taken to protect company data, client information, and IT systems against cyber threats. This policy applies to all employees, contractors, and third-party vendors accessing company systems.
2. Business Scope
Our business operates as a lease brokerage and property management company. We store and process sensitive landlord identification documents. The company utilises the following IT systems:
- Laptops for all employees
- Mobile phones for all employees
- A company website
- Zoho for CRM and document signing
- Google Drive for cloud storage
- Remote working environment
3. Cybersecurity Measures
3.1 Access Control
- Employees must use company-assigned passwords and logins for access to Google and Zoho systems.
- Multi-Factor Authentication (MFA) must be enabled where available.
- Employee access levels are granted based on job roles and reviewed periodically.
3.2 Data Protection
- All customer documents must be securely stored on Google Drive with restricted access.
- Data encryption is applied where necessary to protect sensitive information.
- Regular backups of critical business data are maintained.
3.3 Device Security
- All company laptops and mobile phones must have McAfee security software installed and updated regularly.
- Employees must ensure their devices have the latest security patches and updates.
- No personal devices should be used for company operations unless authorised.
3.4 Employee Training
- Employees must complete regular cyber awareness e-learning sessions.
- Employees must report any suspicious emails or cyber threats immediately.
3.5 Incident Response
- Any suspected data breach or cyber incident must be reported to management immediately.
- The company will liaise with Zoho’s premium support team for security concerns related to CRM.
- In case of a breach, a forensic investigation will be conducted, and affected parties will be notified as per GDPR requirements.
3.6 Third-Party Risk Management
- Only approved third-party vendors with secure access protocols will be used.
- Vendor security compliance must align with GDPR and ICO requirements.
4. Regulatory Compliance
- The company is registered with the Information Commissioner’s Office (ICO) and adheres to the GDPR.
- All employees must be aware of data protection obligations and handle personal data responsibly.
5. Policy Review & Enforcement
- This policy will be reviewed annually (every 12 months) to ensure it remains effective and compliant.
- Any violation of this policy may result in disciplinary action, including access restrictions or termination.