IT and Cyber Essentials Guideline Interpreting and Translation LC Agency
At Interpreting and Translation LC Agency, we are committed to maintaining high standards of cybersecurity to protect our clients’ data, our employees and our freelance linguists. This guideline sets out best practice for the use of technology, online activity and cybersecurity essentials, in line with ISO 27001. It also covers the use of smartphones, data protection and GDPR compliance from a UK perspective.
Scope
This guideline applies to all internal employees and freelance linguists of Interpreting and Translation LC Agency.
Information Security Management System (ISMS)
To ensure compliance with ISO 27001, we maintain an Information Security Management System (ISMS) that includes the following elements:
- Policy Development and Approval: Security policies are developed, reviewed, and approved by senior management.
- Risk Assessment: Regular risk assessments are conducted to identify and mitigate information security risks.
- Security Controls: Appropriate security controls are implemented to protect information assets.
- Continuous Improvement: Regular audits and reviews are conducted to ensure the effectiveness of the ISMS and to identify areas for improvement.
Cybersecurity Essentials
1. Use of Technology and Online Guidelines
- Exclusive Use of Technology: Devices used for work should be used only for company-related tasks. Personal use should be minimised to reduce the risk of exposure to security threats. If personal use is unavoidable, keep it minimal and use a separate “Personal” or “Guest” profile, set up with the permission of LC or the in-charge company representative.
- Software Updates: Keep all software, including operating systems, antivirus programs and applications, up to date so that known vulnerabilities are patched. Enable automatic updates where available.
Guidelines for Internal Employees
2. Software and Downloads
- Downloading Software: Do not download or install any software or other files on your computer without consulting the LC IT department. Unauthorised software can introduce security risks and vulnerabilities.
- Email Attachments: Be cautious when opening email attachments and clicking on links, even from known senders, as a sender’s account may itself have been compromised. If an attachment seems suspicious, verify it with the sender through a separate channel (for example, by phone) before opening it.
3. Preventing Phishing Emails
- Precautions:
- Be cautious of unsolicited emails, especially those requesting sensitive information.
- Do not click on links or download attachments from unknown or suspicious emails.
- Use email filters and security software to detect and block phishing attempts, but do not rely on them alone; some phishing email will get through.
- Spotting Phishing Emails:
- Look for generic greetings, such as “Dear Customer,” instead of your name.
- Check for poor grammar and spelling mistakes.
- Check the sender’s email address carefully, not just the display name. Phishing emails often come from addresses that look similar to legitimate ones but differ by a character or two (for example, a digit 1 in place of a letter l, or an extra word after the real domain).
- Be wary of urgent or threatening language intended to provoke a quick response.
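The sender-address check above can be automated. The Python below is an added example written for this guideline, not a tool the agency provides: it parses a `From:` header, treats `lc-agency.example` as a placeholder for the genuine company domain (an assumption), and flags three impersonation patterns: digit-for-letter and Unicode look-alike swaps, domains within two edits of the real one, and the real domain embedded as a label inside an unrelated domain or in the display name. The sample headers are constructed for the demonstration.

```python
"""Flag look-alike sender addresses in From: headers (added example, not from the guideline)."""
from email.utils import parseaddr
import unicodedata

# Assumption: placeholder for the agency's real domain(s); substitute the genuine one.
TRUSTED_DOMAINS = {"lc-agency.example"}

# Digit-for-letter and letter-pair swaps commonly used in look-alike domains.
SUBSTITUTIONS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalise_domain(domain: str) -> str:
    """Lower-case, drop non-ASCII (e.g. Cyrillic look-alike letters) and undo common swaps."""
    ascii_form = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    for fake, real in SUBSTITUTIONS.items():
        ascii_form = ascii_form.replace(fake, real)
    return ascii_form


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return the reasons a From: header looks like an impersonation; [] means none found."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["sender address could not be parsed"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return []  # genuine domain, or a subdomain of it
    reasons = []
    for t in trusted:
        if normalise_domain(domain) == normalise_domain(t):
            reasons.append(f"{domain!r} imitates {t!r} by swapping look-alike characters")
        elif edit_distance(normalise_domain(domain), normalise_domain(t)) <= 2:
            reasons.append(f"{domain!r} is within two edits of {t!r}")
        elif t in domain:
            reasons.append(f"{domain!r} embeds {t!r} as a label but is registered elsewhere")
        if t in name.lower():
            reasons.append(f"display name {name!r} claims {t!r} but the address is {addr!r}")
    return reasons


# Constructed sample headers for the demonstration; none are real senders.
SAMPLE_HEADERS = [
    "LC Admin Team <admin@lc-agency.example>",                   # genuine
    "Accounts <accounts@mail.lc-agency.example>",                # genuine subdomain
    "LC Admin Team <admin@1c-agency.example>",                   # digit 1 for letter l
    "LC Admin Team <admin@lc-agemcy.example>",                   # one letter changed
    '"lc-agency.example admin" <payments@courier-update.test>',  # display-name spoof
    "LC Admin <admin@lc-agency.example.secure-login.test>",      # real domain as a label
    "Newsletter <news@wordsmith-weekly.test>",                   # unrelated external sender
]


def triage(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its list of warnings."""
    return {h: assess_sender(h) for h in headers}


if __name__ == "__main__":
    for header, reasons in triage().items():
        print("SUSPECT" if reasons else "ok     ", header)
        for r in reasons:
            print("         -", r)
```

The check is deliberately simple: it only says a sender is suspicious, never that it is safe, and it knows nothing about whether the message was actually sent from the claimed domain. Treat its output as a prompt to verify with the LC admin team, not as a verdict.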
Guidelines for Freelance Linguists
4. Communication and Email Safety
- Opening Emails: Be cautious with emails that appear to come from LC or its customers. If an email seems suspicious, do not open attachments or click on links until you have verified it with the LC admin team through a channel you already trust, not by replying to the email itself.
- Customer Contact: Our customers will never contact freelance linguists directly. If a customer attempts to contact you, refuse communication and refer them to the LC admin team immediately.
5. Smartphone and Mobile Device Security
- Device Security:
- Use a strong, unique passcode and enable biometric unlock (fingerprint or facial recognition).
- Ensure the device is encrypted and that remote wipe is enabled, so it can be erased if lost or stolen.
- Avoid using public Wi-Fi for work-related tasks; if it cannot be avoided, use a VPN.
- Enable device location tracking and register the device with the company admin mobile.
- Do not like, follow or comment on social media from a work device without the permission of the Company.
- App Security:
- Only download apps from official app stores.
- Regularly review app permissions and disable those that are unnecessary.
- Do not use social media on work devices except, with the permission of the Company, to manage official social media accounts.
Data Protection and GDPR Compliance
6. Data Transfer
- Secure Email Systems: Use encrypted email services for transmitting sensitive information. Password-protect files containing confidential data and send the password through a separate channel (for example, by phone or text message), never in the same email or in a follow-up to the same thread.
- OneDrive: Use OneDrive or another approved secure cloud storage service for transferring data. Share files only with named, authorised individuals, protect share links with a password, and set an expiry date on every access link.
- BCC Only: When emailing multiple external recipients, put every external address in BCC so that recipients cannot see each other’s addresses; disclosing them would itself be a personal data breach.
7. Data Protection
- Data Protection:
- Ensure all personal data is processed lawfully, fairly, and transparently.
- Collect data only for specified, explicit, and legitimate purposes.
- Keep personal data accurate and up-to-date, and retain it only for as long as necessary.
- Inform the data officer or manager of any concerns as soon as possible.
- If you send an email to the wrong person, attempt to recall it (recall only works for recipients on the same mail system, so do not rely on it), ask the recipient to delete it and confirm that they have done so, and inform the LC manager so that the incident can be assessed as a possible data breach. Always check the address or number before sending to avoid repeating the mistake.
- Confidentiality:
- Access to personal data should be restricted to authorised personnel only.
- Use encryption and other security measures to protect data during storage and transfer.
- Maintain a clean desk policy and lock your computer before leaving your desk.
- Use a headset to prevent colleagues or household members from listening to confidential or work-related conversations.
Reporting Security Breaches
- Suspected Breaches:
- If you suspect a security breach, it is imperative to report it to the LC Manager immediately. Early reporting can help mitigate potential damage.
- Follow the incident response plan as outlined by the company to ensure the breach is contained and investigated promptly.
Financial Security Measures
8. Preventing Scams and Crimes
- Verification: Verify the identity of new linguists or suppliers, and any change to existing bank details, before making a payment. This can be done through direct communication and by checking their credentials; confirm bank details by telephone using a number you already hold, not one given in the email requesting payment.
- Small Test Transactions: For large transactions, first make a small test transaction and confirm receipt before transferring the remaining amount.
- Regular Monitoring: Monitor bank statements regularly for any unauthorised transactions.
Information Security Controls
To further align with ISO 27001 standards, we implement the following controls:
- Access Control: Limit access to information and systems to authorised personnel only.
- Physical Security: Ensure that physical access to offices and data centres is restricted and monitored.
- Network Security: Use firewalls, intrusion detection systems, and secure network configurations to protect against external threats.
- Incident Management: Establish procedures for detecting, reporting, and responding to security incidents.
- Training and Awareness: Provide regular training and awareness programmes for employees and freelance linguists on information security practices and policies.
Further References and Government Guidelines
For self-learning and awareness, employees and freelancers are encouraged to refer to the following resources:
- National Cyber Security Centre (NCSC): NCSC Cyber Security Guidelines
- Get Safe Online: Get Safe Online
By adhering to this IT and Cyber Essentials Guideline and the ISO 27001 standards, Interpreting and Translation LC Agency can ensure a secure online working environment for all employees and freelance linguists. Maintaining vigilance and following these guidelines will help protect against cyber threats and ensure compliance with national and company cyber security standards.