Skip to main content
Mocha
menu

Cyber Security Policy

Mocha Productions Ltd. Cybersecurity Policy

Effective Date: 1/12/2024

1. Introduction

This policy establishes a comprehensive cybersecurity framework for Mocha Productions Ltd., designed to protect the organisation from cyber threats and ensure compliance with UK Cyber Essentials standards.

2. Scope

This policy applies to all employees, contractors, and third parties working with Mocha Productions Ltd. It covers all operating systems, cloud services, servers and portable storage solutions.

3. Policy Components

3.1 Firewalls and Network Security

  • Deployment and Maintenance: Implement and maintain firewalls on all devices with internet connectivity.
  • Configuration Management: Regularly review and update firewall configurations.
  • Wireless Security: Secure all wireless networks and devices.
  • Isolation: Ensure that the air-gapped server remains isolated from internet connections.

3.2 Secure Configuration

  • System Hardening: Maintain secure configurations across all operating systems and software.
  • Updates and Patching: Regularly update and patch all systems and applications.
  • Service Management: Remove or disable unnecessary software and services.
  • Cloud Security: Ensure that cloud services (e.g. Google Workspace, Vimeo) are securely configured.

3.3 Access Control

  • Policy Enforcement: Implement strict access control measures for all users.
  • Authentication: Use multi-factor authentication for accessing sensitive information.
  • Permission Reviews: Regularly review user permissions, particularly for cloud services.
  • Account Management: Ensure that all accounts, especially those with administrative privileges, are managed securely.

3.4 Malware Protection

  • Anti-Malware Software: Install and update anti-malware solutions on all devices.
  • Regular Scanning: Conduct regular malware scans across all systems.
  • Employee Awareness: Educate staff on recognising and avoiding malware threats.

3.5 Secure Management of USB Drives

  • Usage Policy: Implement procedures for the secure use of USB drives.
  • Malware Scanning: Scan all USB drives for malware before use.
  • Data Encryption: Encrypt sensitive data stored on USB drives.

3.6 Data Backup and Recovery

  • Backup Protocols: Conduct nightly off-site server backups.
  • Recovery Testing: Regularly test data recovery processes.
  • Backup Security: Secure backups with encryption and strict access controls.

3.7 Handling Classified Information

  • Enhanced Measures: Implement additional security measures for handling classified information.
  • Secure Transmission: Ensure the secure transmission and storage of sensitive data.
  • Specialised Training: Provide targeted training for staff on the secure management of classified information.

3.8 Incident Response and Reporting

  • Response Plan: Develop and maintain a comprehensive incident response plan.
  • Staff Training: Train all employees to identify and report security incidents promptly.

4. Training and Awareness

  • Regular Training: Conduct regular cybersecurity training sessions for all staff.
  • Content Updates: Update training materials to reflect emerging threats and technological changes.

5. Policy Review and Update

  • Ongoing Evaluation: Regularly review and update this policy to align with evolving cyber threats and changes in business operations.

6. Compliance and Certification

  • Standards Adherence: Maintain compliance with the Cyber Essentials scheme.
  • Technical Controls: Ensure all technical controls meet Cyber Essentials requirements.

7. Policy Enforcement

  • Disciplinary Measures: Non-compliance with this policy may result in disciplinary action, up to and including termination.

Approved by:
James Wallace
Creative Director, Mocha Productions Ltd.