
Cyber Security Policy

  • Mar 31

1. PURPOSE

This Cyber Security Policy includes guidelines and provisions for security measures to help mitigate cyber security risk at DCIRS Community Care (“DCIRS” or “company”). It applies to all company workers, contractors, volunteers, and anyone who has permanent or temporary access to the company’s systems and hardware.

This Policy will commence from 5 August 2025. It replaces all other cyber security policies of DCIRS (whether written or not).


2. APPLICATION

This Policy applies to employees of DCIRS. All non-employees, such as agents and contractors (including temporary contractors) of DCIRS, are expected to abide by this Policy for the duration of their work period or contract. All relevant individuals are collectively referred to in this Policy as “worker”. The Policy includes work that is undertaken away from the usual workplace.


3. CONFIDENTIAL DATA

Confidential data is valuable and is to be kept secret. Company confidential data includes:

  • Unpublished financial information

  • Data of customers/partners/vendors

  • Patents, formulas or new technologies

  • Customer lists (existing and prospective)

All workers are obliged to protect this data.


4. PROTECT PERSONAL AND COMPANY DEVICES

When workers use their digital devices to access company emails or accounts, they introduce security risk to company data. Workers must keep both their personal and company-issued computers, tablets and cell phones secure. To keep these devices secure:

  • Keep all devices password protected.

  • Maintain and upgrade company antivirus software.

  • Do not leave devices exposed or unattended.

  • Install security updates for browsers and systems monthly or as soon as updates are available.

  • Log into company accounts and systems through secure and private networks only.

Workers are advised to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.

When new hires receive company-issued equipment, they will receive instructions for:

  • Disk encryption setup

  • Password management tool setup

  • Installation of antivirus/anti-malware software

Workers are to follow instructions to protect their devices and refer to the company’s ICT provider with any questions.


5. SAFEKEEPING EMAILS

Emails can host scams and malicious software. To avoid virus infection or data theft, workers must:

  • Avoid opening attachments and clicking on links when the content is not adequately explained (e.g. “Watch this video, it’s amazing.”)

  • Be suspicious of clickbait titles (e.g. offering prizes, advice).

  • Check the email addresses and names of the people they received a message from to ensure they are legitimate.

  • Look for inconsistencies or giveaways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks).

If a worker isn’t sure an email they received is safe, they should refer to the company’s ICT provider. It is important that workers don’t assume something is safe or take unnecessary risks.


6. MANAGING PASSWORDS

Password leaks are dangerous, since they can compromise the company’s entire infrastructure. Not only should passwords be secure so they will not be easily hacked, but they should also remain secret. For this reason, workers are to:

  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays).

  • Remember passwords instead of writing them down. If workers need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done.

  • Exchange personal identifiers and company system identifiers only when necessary and safe to do so. When exchanging them in-person is not possible, workers should prefer the phone instead of email, and only if they personally recognise the person they are talking to.

  • Change their passwords every two months.

The company will implement Multi-Factor Authentication for authorised logins to increase the security and safety of company records and information.


7. DATA TRANSFERS

Transferring data introduces security risk. Workers must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, workers must ask the company’s ICT provider for help.

  • Share confidential data over the company network/system and not over public Wi-Fi or a private connection.

  • Ensure that the recipients of the data are properly authorised people or organisations and have adequate security policies.

  • Report scams, privacy breaches and hacking attempts immediately.

The company’s ICT provider needs to know about scams, breaches and malware so they can better protect DCIRS’s infrastructure. For this reason, workers must report perceived attacks, suspicious emails or phishing attempts as soon as possible and directly to the ICT provider, who must investigate promptly, resolve the issue and send a companywide alert when necessary.

The company’s ICT provider is responsible for advising workers on how to detect scam emails. Workers are encouraged to reach out to them with any questions or concerns.


8. ADDITIONAL MEASURES

To reduce the likelihood of security breaches, workers are instructed to:

  • Turn off their screens and lock their devices when leaving their desks.

  • Report stolen or damaged equipment as soon as possible to the Operations Manager or the Managing Director.

  • Change all account passwords at once when a device is stolen.

  • Report a perceived threat or possible security weakness in company systems.

  • Refrain from downloading suspicious, unauthorised or illegal software on their company equipment.

  • Avoid accessing suspicious websites.

Workers must also comply with policies in place relating to social media and internet usage.

The company’s ICT provider should:

  • Install firewalls, anti-malware software and access authentication systems.

  • Arrange for security training for all workers.

  • Inform workers regularly about new scam emails or viruses and ways to combat them.

  • Investigate security breaches thoroughly.

  • Follow the policy provisions as other workers do.

DCIRS will maintain the necessary physical and digital shields to protect information.


9. REMOTE WORKERS

Remote workers must follow the Cyber Security Policy. As remote workers will be accessing the company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure. Remote workers are encouraged to seek advice from the company’s ICT provider to ensure the integrity of DCIRS’s systems.


10. DISCIPLINARY ACTION

Workers must comply with the terms and conditions contained in this Policy. Those who cause security breaches may face disciplinary action. The type and severity of the disciplinary action will depend upon the circumstances of the case and the seriousness of the breach. In serious cases, this may include termination of employment.

Contractors or agents of DCIRS who are found to have breached this Policy may have their contracts with DCIRS terminated or not renewed.


11. CONTACT INFORMATION

Bold ICT: (03) 5410 8999 or help@bold-ict.com.au

Contact the Managing Director and Bold ICT for security breaches and for all suspicious activity.


12. ASSOCIATED DOCUMENTS

  • Data Security Policy

  • Risk Management Policy

  • Code of Conduct Policy


13. VERSION AND REVIEW INFORMATION

DCIRS reserves the right to amend and vary this policy from time to time.

Version 1.0: 12 June 2023

Version 1.2: 5 August 2025 | Review date: 5 August 2028

 
 
 
