Our Policies > Security Policy
Created 2025/09/12
Policy brief & purpose
Carnelian Web Services’ cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure.
The more we rely on technology to collect, store and manage information, the more vulnerable we become to severe security breaches. Human errors, hacker attacks and system malfunctions could cause great financial damage and may jeopardize our company’s reputation.
For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy.
Scope
This policy applies to all our employees, contractors, volunteers, and anyone who has permanent or temporary access to our systems and hardware.
Policy elements
Confidential data
Confidential data is secret and valuable. Common examples are:
- Unpublished financial information
- Data of customers/partners/vendors
- Patents, formulas or new technologies
- Customer lists (existing and prospective)
All employees are obliged to protect this data. In this policy, we will give our employees instructions on how to avoid security breaches.
Protect personal and company devices
When employees use their digital devices (cell phones, tablets, laptops) to access company emails or accounts, they introduce security risk to our data. We advise our employees and contractors to keep both their personal and company-issued computer, tablet and cell phone secure. They can do this if they:
- Keep all devices password protected.
- Choose and upgrade a complete antivirus software.
- Ensure they do not leave their devices exposed or unattended.
- Install security updates of browsers and systems monthly or as soon as updates are available.
- Log into company accounts and systems through secure and private networks only (if in doubt, use a VPN).
We also advise our employees to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
Keep emails safe
Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we instruct employees to:
- Avoid opening attachments and clicking on links when the content is not adequately explained (e.g. “watch this video, it’s amazing.”)
- Be suspicious of clickbait titles (e.g. offering prizes, advice.)
- Check email and names of people they received a message from to ensure they are legitimate.
- Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks.)
Manage passwords properly
Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advice our employees to:
- Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays.)
- Remember passwords instead of writing them down, or use an approved password storage tool.
- Remembering a large number of passwords can be daunting. We will purchase a password management tool which generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the above-mentioned advice.
- Enable two-factor authentication wherever possible.
- Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t possible, employees should prefer the phone instead of email, and only if they personally recognize the person they are talking to.
Transfer data securely
Transferring data introduces security risk. Employees must:
- Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary.
- Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
- Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
- Report scams, privacy breaches and hacking attempts.
Additional measures
To reduce the likelihood of security breaches, we also instruct our employees to:
- Turn off their screens and lock their devices when leaving their desks.
- Report stolen or damaged equipment as soon as possible.
- Change all account passwords at once when a device is stolen.
- Report a perceived threat or possible security weakness in company systems.
- Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
- Avoid accessing suspicious websites.
Our company will have all physical and digital shields to protect information.
Take security seriously
Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.