This Cybersecurity Policy sets out Goodwood Consulting's guidelines for preserving the security of our data and technology infrastructure. The more we rely on technology to collect, store, and manage information, the more vulnerable we become to security breaches. Human errors, attacks, and system malfunctions could cause damage to the company and our clients and may jeopardize our reputation.
For this reason, we have implemented a number of security measures and prepared instructions that help mitigate security risks. This policy applies to all employees and anyone who has permanent or temporary access to our systems and hardware.
Confidential Data
Confidential data is secret and valuable. Common examples include unpublished financial information, customer, partner, and vendor data, undisclosed intellectual property, customer lists (existing and prospective), and client information. All employees are obliged to protect this data.
Device Protection
- Keep all devices password protected
- Install and maintain antivirus software
- Never leave devices exposed or unattended
- Install security updates monthly or when available
- Log into company accounts through secure and private networks only
- Avoid accessing internal systems from other people’s devices
Email Security
- Avoid opening attachments and clicking links when content is not adequately explained
- Be suspicious of clickbait titles offering prizes or unsolicited advice
- Check email addresses and names for accuracy and legitimacy
- Look for inconsistencies such as grammar mistakes or excessive punctuation
- Refer any suspicious emails to management immediately
Password Management
- Passwords must have at least eight characters including capitals, lowercase, numbers, and symbols
- Avoid information that can be easily guessed
- Remember passwords rather than writing them down
- Exchange credentials only when absolutely necessary
- Change passwords every two months
- Use our authorized password management tool for secure storage
Secure Data Transfer
- Avoid transferring sensitive data to other devices unless absolutely necessary
- Share confidential data over company networks only — not public Wi-Fi
- Ensure recipients are properly authorized and have adequate security policies
- Report scams, privacy breaches, and hacking attempts immediately
Additional Measures
To further reduce the likelihood of security breaches, employees are instructed to:
- Turn off screens and lock devices when leaving them unattended
- Report stolen or damaged equipment as soon as possible
- Change all account passwords at once when a device is stolen
- Report any perceived threat or possible security weakness in company systems
- Refrain from downloading suspicious, unauthorized, or illegal software
- Avoid accessing suspicious websites
We also:
- Install anti-malware software and access authentication systems
- Provide security training to all employees
- Regularly inform employees about new scam emails or viruses and ways to combat them
- Investigate security breaches thoroughly
Remote Employees
Employees who work remotely must follow this policy's instructions. Since they access our company's accounts and systems from a distance, they are obliged to follow all data encryption and protection standards and settings, and to ensure their private network is secure.
Disciplinary Action
We expect all employees to always follow this policy. Those who cause security breaches may face disciplinary action:
- First-time, unintentional, small-scale breaches may result in a verbal warning and additional security training
- Intentional, repeated, or large-scale breaches will invoke more severe disciplinary action up to and including termination
We strive to proactively protect our systems and databases. We maintain a continuous process of evaluation and improvement for our cybersecurity systems and processes. We address deviations from this policy promptly and investigate any known data breach or security incident, taking available corrective and preventative measures.