-
All of our staff receive regular training on data protection and information security – we have home-working guidance which all staff have to sign. This reminds them that they have to keep your information confidential and provides practical ways to do that when working from home.
-
All staff must read our security policies, standards and procedures and these are available to staff at all times.
-
Our staff access our systems through a Virtual Private Network (also known as VPN) with multi factor authentication - this is a technical control to prevent unauthorised access to our data and systems.
-
Staff are unable to use removable media and printers - only authorised staff can transfer information from their computer to USB memory sticks and no staff can print at home.
-
Staff are only able to access the websites they need to do their job – they can’t access personal email or file sharing sites.
-
All staff computers are fully encrypted with industry standard encryption.
-
We use data loss prevention tools – these automatically block unauthorised sharing or emailing of confidential information.
-
We have anti-virus and anti-malware software – this is on all staff computers as well as protecting our email and internet systems.
-
We use email filtering – emails are scanned to stop our staff getting phishing and spam emails.
-
We monitor access and changes to files – this includes logging all access to customer data.
-
Our security operations centre monitors our security systems 24 hours a day, 7 days a week. They make sure our systems are operating correctly. They also monitor for unusual activity such as misuse of company devices or anyone trying to transfer confidential information.
-
We comply with the Payment Card Industry Data Security Standard when we take card payments.
-
Lowell Group is ISO27001 certified – this means that our Information Security Management System meets the international standard.