This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari, or Firefox.
WhatsApp Logo
×

Cyber Security Policy

 

  1. INTRODUCTION

The risk of data theft, scams, and security breaches can have a detrimental impact on a company's systems, technology infrastructure, and reputation. La Niche LLP (“La Niche”) has created this policy to help outline the security measures put in place to ensure information remains secure and protected.

 

  1. POLICY BRIEF AND PURPOSE

Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure.

The more we rely on technology to collect, store and manage information, the more vulnerable we become to severe security breaches. Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardize our company’s reputation.

The purpose of this policy is to (a) protect La Niche’s data and infrastructure, (b) outline the protocols and guidelines that govern cyber security measures, (c) define the rules for company and personal use, and (d) list the company's disciplinary process for policy violations.

 

  1. SCOPE

This Policy has to be read with the Privacy Policy  This cyber security policy is for our employees, vendors, contractors and anyone else who may have any type of access to La Niche’s systems, software and hardware to refer to when they need advice and guidelines related to cyber law and cybercrime. Having this cyber security policy we are trying to protect La Niche's data and technology infrastructure. 

  1. POLICY ELEMENTS
  • Confidential Data

Confidential data is secret and valuable information that is not available to the general public. In general, it is personally identifiable information (as opposed to aggregated data) that is considered private in nature. All employees are obliged to protect this data. In this policy, proper training will be provided to our employees so as to avoid security breaches. La Niche identifies confidential data as follows:

  • Unpublished and classified financial information
  • Supplier and shareholder information.
  • Customer lists (existing and prospective)
  • Customer leads and sales-related data.
  • Patents, business processes and/or new methodologies
  • Employees' passwords, assignments, and personal information.
  • Company contracts and legal records.
  • Protect personal and company devices
  • When employees use their digital devices to access company emails or accounts, they introduce security risks to our data. We advise our employees to keep both their personal and company-issued computer, tablet and cell phone secure. They can do this if they:
  1. Keep all devices password protected.
  1. Choose and upgrade antivirus software.
  1. Ensure they do not leave their devices exposed or unattended.
  1. Install security updates of browsers and systems monthly or as soon as updates are available.
  1. Log into company accounts and systems through secure and private networks only.
  1. Obtain authorization from their HODs or IT Head before removing devices from company premises.
  1. Refrain from sharing private passwords with coworkers, personal acquaintances, or any other third party.
  • We also advise our employees to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
  • When new hires receive company-issued equipment they will receive instructions for:
  1. Password management setup
  1. Installation of antivirus/ anti-malware software
  • Keep emails safe
  • Emails can carry scams or malevolent software (for example worms, bugs etc.) To avoid virus infection or data theft, La Niche instructs all employees to:
  1. Abstain from opening attachments and clicking on links when the content is not adequately explained (e.g. “watch this video, it’s amazing.”)
  2. Avoid clickbait titles and links. (e.g. offering prizes, advice.)
  3. Check email and names of people they received a message from to ensure they are legitimate.
  4. Look for inconsistencies or giveaways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks.)
  • If an employee is not sure that an email they received is safe, they can refer to our IT Department for the same.
  • Manage passwords properly
  • Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advise our employees to:
  1. Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays.)
  1. Remember passwords instead of writing them down. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done.
  1. Exchange credentials only when absolutely necessary. When exchanging them in-person is not possible, employees should prefer the phone instead of email, and only after prior approval from their HODs.
  1. Change their passwords every three months.
  • Transfer data securely
  • Transferring data introduces security risk. La Niche instructs that the employees must:
  1. Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our IT Department for help.
  2. Refrain from transferring classified information to employees and outside parties.
  3. Share confidential data only after over the company network/ system and not over public Wi-Fi or private connection.
  4. Obtain the necessary authorization from management.
  5. Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  6. Immediately alert the IT department of any breaches, malicious software, and/or scams.
  • Our IT Department needs to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to them. Our IT Department must investigate promptly, resolve the issue and send a companywide alert when necessary.
  • Our IT Department is responsible for advising employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns.
  •  Additional measures
  • To reduce the likelihood of security breaches, our company instructs its employees to:
  1. Turn off their screens and lock their devices when leaving their desks.
  2. Report stolen or damaged equipment as soon as possible to [HR/ IT Department].
  3. Change all account passwords at once when a device is stolen.
  4. Report a perceived threat or possible security weakness in company systems.
  5. Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
  6. Avoid accessing suspicious websites.
  • Our IT Department should:
  1. Install firewalls, anti - malware software and access authentication systems.
  2. Arrange for security training for all employees.
  3. Inform employees regularly about new scam emails or viruses and ways to combat them.
  4. Investigate security breaches thoroughly.
  5. Follow these policy provisions as other employees do.
  • La Niche shall have all physical and digital shields to protect information.
  • Remote employees

Remote Employees or employees working from home must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure. We encourage them to seek advice from our IT Department.

  1. CERT

Further, under the Information Technology (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (“CERT-In Rules”), we are required to appoint a designated point of contact with the Indian Computer Emergency Response Team (“CERT-In”) to report any cyber security breaches or incidents.

In line with the CERT-In Rules, the point of contact with CERT-In is Dhara Shroff and they can be reached at info@opulin.com

  1. DISCIPLINARY ACTIONS

We expect all our employees to always follow this policy and those who cause security breaches may face disciplinary action:

  • First-time, unintentional, small-scale security breach: We may issue a verbal warning and train the employee on security.
  • Intentional, repeated or large-scale breaches (which cause severe financial or other damage): We will invoke more severe disciplinary action up to and including termination.
    We will examine each incident on a case-by-case basis
  • Additionally, employees who are observed to disregard our security instructions will face progressive discipline, even if their behaviour has not resulted in a security breach.
  1. CHANGES AND MODIFICATIONS
  • We reserve the right to update, change and modify this Policy at any time.
  • Such changes shall be effective immediately upon posting to the website.
  1. TAKE SECURITY SERIOUSLY

La Niche assures all its customers, employees, vendors, suppliers and contractors that their data is safe with us. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security in the top of mind.

Cart

No more products available for purchase