Cyber Security Policy
Updated June 2025
1 Introduction
1.1 Elias Recruitment Pty Ltd (“the Company”) is committed to fostering a culture of openness, trust, and integrity, however, this can only be achieved if external threats to the integrity of the Company’s systems are controlled, and the Company is protected against the damaging actions of others.
2 Scope and Purpose
2.1 This policy applies to all workers of the Company, including employees, contractors, consultants and volunteers, as well as any person who has permanent or temporary access to the Company’s systems and hardware (User).
2.2 The purpose of this policy is to set guidelines for generating, implementing and maintaining practices that protect the Company’s computer equipment, software, operating systems, storage media, electronic data and network accounts, from exploitation or misuse.
2.3 As the Company grows and continues to rely on technology to collect, store and manage information, the more vulnerable the Company becomes to severe security breaches. Human errors, hacker attacks and system malfunctions can cause the Company significant financial damage and jeopardise our reputation. It is for this reason that the Company has implemented a number of security measures as outlined in this policy.
3 Passwords
3.1 Compromised passwords are the biggest threat to IT systems. Once someone has your password it is very difficult to detect data breaches because the computer systems think they are you. It is therefore important that your password is strong and robust. All passwords must comply with the following requirements: a) be at least 8 characters long; and b) have a combination of uppercase, lowercase, numeric characters (number) and at least one special character (symbol).
3.2 Passwords must not be recycled and must not be divulged by the User.
3.3 All passwords will be deactivated as soon as possible if the User is terminated, suspended, placed on leave, or otherwise leaves their employment/engagement with the Company.
4 Multi Factor Authentication
4.1 Multi Factor Authentication (MFA) is one of the most important controls that the Company implements to prevent unauthorised access. If a password is compromised, an attacker will be required to access the second authentication factor (phone, email, etc.) to gain access to our systems.
5 Networking and Hardware Security
5.1 The Company utilises anti-virus and anti-malware software to ensure the Company’s data and systems are protected from malicious software and malware. Users are prohibited from disabling, by-passing or adjusting the anti-virus and anti-malware protection software to reduce their effectiveness.
5.2 All devices are automatically locked by the Company after a period of non-use and the User will be required to log back into the system using their password and/or MFA.
5.3 The Company prevents access of public Wi-Fi.
6 Access Control
6.1 Users shall be assigned clearance to particular levels of access to the Company’s information resources and shall access only those recourses that they have clearance for. Access control shall be exercised through username and password controls.
7 Keep Emails Safe
7.1 Emails often host scams and malicious software. It is important that all Users: a) avoid opening attachments and clicking on links when the content is not adequately explained; b) be suspicious of clickbait titles (e.g. offering prizes, advice, creating urgency etc); c) check full email details and names of people they received a message from to ensure the email is legitimate; and d) look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks).
7.2 Users should immediately report any suspicious email(s) directly to the Company’s IT department.
8 Responsibility of Company
8.1 The Company is responsible for: a) ensuring all Users are made aware of this policy; b) ensuring that the Company’s software systems are maintained appropriately; c) implementing appropriate control measures to mitigate security breaches; and d) provide awareness to Users around the importance of security management.
9 Responsibility of Users
9.1 All Users have a responsibility to ensure they comply with this policy and take extreme caution when using the Company’s systems and ensure that such systems are used in a manner which protects the Company’s infrastructure and data from breach. In addition, all Users must: a) ensure all devices are securely stored and not left exposed or unattended; b) not download unauthorised software from the internet onto their PCs or workstations; c) not open email attachments received from unknown senders and immediately notify this to the Company’s IT department; and d) immediately notify the Company’s IT department if they believe their computer systems have been subjected to a security incident or otherwise compromised.
10 Breach of this Policy
10.1 Any User who is found to have breached this policy may have their access to the Company’s systems disabled and/or be subject to disciplinary action, up to and including termination of employment.
10.2 All employees are encouraged to talk to Jason Elias if they have any questions or are unsure about any aspect of this policy.