Security Protocols

At Forge Marketing, security is everyone’s responsibility. Whether you’re working in the office, from home, or on the go, following these protocols keeps our data, clients, and team safe.

1. Device Security

  • Passwords:
    • Must be at least 12 characters with upper/lowercase, numbers, and special symbols.
    • Never share passwords or write them down.
  • Multi-Factor Authentication (MFA): Required for all company accounts.
  • Lock screens: Lock your laptop/desktop when stepping away (Windows: Win + L, Mac: Control + Command + Q).
  • Updates: Do not delay software or system updates — they often include security patches.

2. Workspace Practices

  • In the Office:
    • Use only your assigned workstation and equipment.
    • Clear desks of sensitive documents before leaving.
    • Visitors must sign in and be escorted.
  • Remote Work:
    • Connect through the Forge VPN when outside the office.
    • Do not use public Wi-Fi without the VPN.
    • Keep work files in Google Drive (Forge Workspace), not on local devices.

3. Data Handling

  • Confidential Information:
    • Store client data only in approved systems (Drive, CRM, or project tools).
    • Do not email sensitive files without encryption.
  • USBs/External Drives: Use company-issued encrypted devices only.
  • Printing: Print only when necessary; collect documents immediately.

4. Communication Security

  • Phishing Awareness:
    • Verify links before clicking.
    • Do not open attachments from unknown senders.
    • Report suspicious emails to IT immediately.
  • Messaging: Use approved platforms (Slack, Teams) — avoid personal messaging apps for work.

5. Incident Response

If you suspect a security issue (lost laptop, phishing attempt, data breach):

  1. Disconnect your device from the internet.
  2. Contact IT Support immediately: Daniel Fox — daniel.fox@forgemarketing.com or Emma Ward — emma.ward@forgemarketing.com
  3. Do not attempt to fix the issue on your own.

6. Regular Training

  • Annual Cybersecurity Awareness Training is mandatory.
  • Quarterly phishing simulations will be conducted.
  • Department leads will review security best practices with teams monthly.