Cyber Security Policy

Purpose

This policy sets out the measures The Marketing Guys takes to protect our business, client data, and employees from cyber threats, in compliance with the UK Data Protection Act 2018, GDPR, and guidance from the National Cyber Security Centre (NCSC).

Scope

This applies to all employees, contractors, and third-party service providers with access to Company systems.

Key Security Measures

1. Access Control

   • Each employee has a unique login and must use strong passwords and multi-factor authentication.

   • Access is role-based and reviewed quarterly.

2. Data Protection

   • Client data is encrypted at rest and in transit.

   • Personal data is only stored on secure, approved systems.

3. System Security

   • All devices must run Company-approved antivirus software and firewalls.

   • Security patches and updates are applied regularly.

   • Remote access requires VPN usage.

4. Incident Response

   • Any suspected breach must be reported immediately to Dan Proctor (dan@themarketing-guys.co.uk).

   • We maintain an incident response plan including containment, investigation, notification, and recovery steps.

5. Employee Training

   • All staff undergo annual cybersecurity awareness training.

   • Phishing simulations and refresher modules are conducted regularly.

Remote Working

• Company data must not be stored on personal devices.

• Public Wi-Fi must only be accessed via secure VPN.

Monitoring and Compliance

Regular security audits and penetration testing will be conducted. Non-compliance may result in disciplinary action.