Lustosa Marketing Cybersecurity Policy

Purpose

This Cybersecurity Policy is designed to protect Lustosa Marketing’s digital assets, client data, and internal operations. It ensures that all staff, contractors, and associates adhere to best practices in cybersecurity, reducing the risk of data breaches and unauthorized access.

1. Data Protection and Access Control

• Confidentiality: All client and agency data must be kept confidential. Only authorized personnel have access to client information.

• Access Control: Only employees with specific clearance levels can access sensitive data and systems. Access is granted based on role requirements.      

• Password Management: Employees must use strong, unique passwords and change them every 90 days. Multi-factor authentication (MFA) is required for access to key systems.

2. Device Security

• Use of Agency Devices: Employees should use agency-approved devices for work-related tasks. Personal devices are only permitted if approved by management and equipped with adequate security software.

• Software and Updates: All devices must have up-to-date security software, and operating systems should be updated regularly to minimize vulnerabilities.

3. Network Security

• Secure Connections: Staff must connect to Lustosa Marketing’s network only through secure and encrypted channels. Public Wi-Fi should be avoided for work-related tasks unless a VPN is used.

• Firewall and Antivirus Protection: The agency’s network must have robust firewall and antivirus protections to prevent unauthorized access.

4. Email and Communication

• Phishing Awareness: Employees must be vigilant about phishing attempts. Avoid clicking on suspicious links or downloading attachments from unknown sources.