All of our staff receive regular training on data protection and information security – we have home-working guidance which all staff have to sign. This reminds them that they have to keep your information confidential and provides practical ways to do that when working from home.
All staff must read our security policies, standards and procedures and these are available to staff at all times.
Our staff access our systems through a Virtual Private Network (also known as VPN) with multi factor authentication - this is a technical control to prevent unauthorised access to our data and systems.
Staff are unable to use removable media and printers - only authorised staff can transfer information from their computer to USB memory sticks and no staff can print at home.
Staff are only able to access the websites they need to do their job – they can’t access personal email or file sharing sites.
All staff computers are fully encrypted with industry standard encryption.
We use data loss prevention tools – these automatically block unauthorised sharing or emailing of confidential information.
We have anti-virus and anti-malware software – this is on all staff computers as well as protecting our email and internet systems.
We use email filtering – emails are scanned to stop our staff getting phishing and spam emails.
We monitor access and changes to files – this includes logging all access to customer data.
Our security operations centre monitors our security systems 24 hours a day, 7 days a week. They make sure our systems are operating correctly. They also monitor for unusual activity such as misuse of company devices or anyone trying to transfer confidential information.
We comply with the Payment Card Industry Data Security Standard when we take card payments.
Lowell Group is ISO27001 certified – this means that our Information Security Management System meets the international standard.