Computer and Electronic Communications

Introduction

If you have an IT problem, you should message #help-it on Slack. If you’ve got a deadline, let your manager know or the team you were working together with. If Slack is unavailable, you should text / Signal / WhatsApp your manager.  

Being a marketing agency, we hold a lot of sensitive client data, along with our internal data too. We have a responsibility and a duty to make sure all that data is kept secure and looked after the best we can.

We are all responsible for network security, and everyone is expected to act with honesty and integrity when using our software. We are providing you extensive access based on our client’s trust in us and our trust of you. Breaking that trust has serious consequences.

If you are found to break this policy, you will be subject to disciplinary action, including dismissal without notice. Any breach of this policy could have damaging consequences for our clients and our business.

We may also deduct your pay or engage in any civil recovery process for reasonable damages incurred for your wilful negligence of this policy.

IT is an ever-changing industry, and this policy is not an exhaustive list of all the dos and don’ts. If this policy doesn’t spell out how to behave, you behave, act in accordance with our values, and if you’re in any doubt, speak to your manager first.

If we use new security processes, you must follow them even if they are not spelt out in this policy. If you don’t, it will be considered a failure to follow a reasonable management instruction.

We reserve the right to monitor the use of any of our systems, including all your company accounts, devices, calls, emails, vehicle GPS and building access to ensure they are being used appropriately.

We will require all company devices back in a reusable condition when your employment ends with us or if we request them back sooner, which we reserve the right to do.  We have the right to charge you a reasonable replacement or repair cost, but we accept normal device ageing including wear and tear.

We cannot stress enough how important this policy is, and the seriousness of the consequences if you break it.

Company Devices

All company systems, including hardware and software, belong to the company at all times. We have the right to access, monitor and wipe company devices at any time. For this reason, we request you do not use company devices for personal work.

You must have a secure device password that’s not used anywhere else. You must not share this device with anyone. If you’re working on a company device with another person, you must not leave it unlocked unattended.  

We do permit you to perform general personal tasks such as checking the news or your personal email when you’re not on working hours. This should be kept to a minimum and only used when your personal device isn’t at hand (such as commuting). You must not download or open attachments in your personal emails.

This device should not become or have activity levels that reflect your general personal device. Regular personal use of company devices is a disciplinary offence.

System Security

You must only connect to our systems using your company account. You may not use your personal account or the account of another employee irrespective of if you have their permission. If a resource you need is on an employee’s account, please speak to your manager who will access and transfer that for you.  

If you’re a manager, you’ll be informed of how to do this, if you have any difficulties or question if the file should be released, please speak to the directors.

You may be asked to work through a generic “admin” account where user management isn’t possible. Log out of this account after use.

All passwords will be provided via our password manager, which you will log into with your own account. You must have managerial approval to connect our password manager to your personal device.

You may be asked or want to access certain accounts from your mobile device (such as your email and Slack). Type your password manually to access these accounts unless you’ve been given authorisation to install our password manager on your mobile device.

You must use 2FA (two-factor authentication) where available to access your accounts. We prefer using LastPass authenticator on your phone rather than text code. You will normally be given some backup codes when you set this up. Please screenshot or save as a text file and send to your manager so we can back them up.

In certain circumstances you may be required to have a separate password manager account on our company device, then the one you use on your personal device. As your company device will have more access, you must not swap them over.

You must not share your personal device with anyone if you have files open or are logged into any of our company accounts, including the password manager. Please log out when you have finished working on shared devices.

You must have anti-virus software installed and operational at all times on a personal device you use for work, even when you’re not working.

You must not visit any sites during working hours that could be harmful to the company on a company device or via our WiFi. This includes anything that’s illegal, offensive, in bad taste or immoral including pornography or internet games.

While we aim to have, strong email spam filters do not open any email attachments or files shared when you don’t know who the sender is. Check the file type and ask your manager if anything feels odd.

All information, documents and data created and saved in our systems either on company devices or in the cloud remain our property at all times.

If any device connected to the company’s systems is hacked, lost or stolen, you must inform us immediately. Contact our MD directly if it’s outside business hours.

Data Protection

This section covers the data protection rights of others. For your own Data Protection Rights, please see our Data Protection Policy which you’ll sign separately.

You may come into contact with personal data from other individuals and that of our clients throughout your employment. If you are not authorised to use such personal data, you must disregard it and not open, modify, copy or delete it.

You may not disclose the personal data of others for any reason. If you feel data needs to be disclosed please contact your manager.

You must keep all personal data secure and comply with our security policies at all times, including those implemented by our clients.

You must not store personal data locally unless authorised to do so. If you are authorised, you must upload it to our secure cloud when you’ve finished working and delete it.

Our clients put trust in us that the personal data they have is going to be kept securely. We are extending that trust to you, and expect you to comply with all security policies.

If you fail to do so, this is an act of gross misconduct and will result in the immediate termination of your employment and possible further action.

Email Communications

You may access your company email on any device. As emails contain sensitive client data, you must log out of them before sharing your device with someone else.

You may only use your company email for our business use.

We have the right to read any emails sent to or from your company email account.

Emails are the subject of legal action so ensure all emails maintain a high standard of professionalism, are completely honest and will hold up if contested in a court of law either for yourself or the company.

Unless it’s obvious spam, you must not delete any emails unless you’ve been authorised by your manager. If you’re running out of storage space, please let us know.

Any emails you’re not sure what to do with (or are for someone else) forward it to the appropriate person or to our general inbox [email protected]

Emails retained for record-keeping such as client invoices, specification or amendments should be printed as a PDF and uploaded to our shared Google Drive.

You must not engage in any illegal or unethical conversations via email, including discriminatory, abusive, harassing or otherwise. The directors will determine if your emails have crossed a line and what disciplinary action to take.

You must write with honesty and integrity. You must not make any guarantee or promise over the results a client will see. You must not mislead or provide half-truths.

When emailing (or communicating by any means) to clients, you must ensure the advice you give is accurate. If you are in even the slightest doubt check with your manager before sending specific points of advice.

You must not amend or remove our email disclaimer.

If any communications, sent internally or externally, are found to be abusive, harassing, discriminatory or otherwise you’ll be liable to disciplinary action.

Company Phone

You may be issued with a company phone which is for the purpose of company business only. Any personal calls, apps, or other costs incurred on the device will be deducted from your wages.