Cyber Security
Last updated: February 2018
Requirements
KI addresses Cyber Security as part of its comprehensive GDPR compliance. KI strives to have adequate systems and controls in place to counter the risk of financial crime and employs a proportionate and risk-based approach, taking into account customer base, business and risk profile.
Information that needs protection
KI does not hold any sensitive consumer data such as credit card, financial or medical records or details. We do, however, hold data, information and assets that we wish to protect and which, if lost, could result in financial or reputational damage to the company, for example:
- Customer / Project data
- Employee data
- Contracts / leases
- Management meeting notes & minutes
- Financial information not yet in the public domain
A number of controls are currently in place which provide protection against unauthorised access to sensitive information, whether through restricted use of hardware and software or through restricted access to or by the company’s employees.
Security measures currently in place
- Operating systems and software are kept updated and patched
- Complex passwords are in use for all employees
- Boundary Hardware Firewalls and secure VPN connections are in place
- Filters are in place ensuring suspicious emails are marked for deletion and virus checked upon receipt
- Anti-virus software is in place and regularly updated
- Physical security restricting access to IT equipment via a combination-locked room
- Monitoring in place for installation of unauthorised software and device change logging
- Blocking of 3rd party file-sharing services
Policy for User Access Management procedures
- Systems to segregate data with access controls determined by both individual and by filing (drive) structure
- File block-level backups, on-site and off-site, on a daily basis
- Quarterly meetings with 3rd party IT consultants to review all policies and procedures with a view to strengthening security where appropriate