Cyber Security Policy
This policy:
- extends to all use of office digital equipment during all hours of the day and night.
- applies to any personal computing devices, laptops, PDA’s, etc that may be connected to the Office or onboard network.
- considers all applicable standards and Industry Guidelines.
A safe, secure and resilient cyber operating environment is ensured, that allows for the HSQE incident free execution of maritime operations and communications
by:
- minimizing office LAN exposure to internet.
- authorizing ship computers access to internet only subject to CCSO and management approval.
- connecting ship systems with external private devices only subject to SCSO and CCSO/IT and management authorization.
- Mandating internet access to vessels from ashore, through multiple firewalls, only after management approval and then implemented by the CCSO/IT dept.
- Separating and in no way connecting to internet of all critical ship systems apart from the workstations.
Learning engagements are conducted regularly and as necessary, to enhance all sea-going and shore colleagues cyber security awareness through:
- continuous update on cyber vulnerabilities within the maritime domain.
- Active participation in relevant associations and fora.
Cyber security emergency response plan is in place to ensure effective and efficient response i case of cyber attack.
Cyber bullying with the use of the company’s communication equipment will be treated as a serious breach of the company code of conduct and result in disciplinary action against perpetrators.
Travel cybersafe
Wise use of social media
- when talking on line in Company workplace always make it clear that any statements are your own and do not represent the view or values of the Company.
- only post online what you would be comfortable saying to people in person or in public.
- never disclose to your friend what your enemy should not know.
- never use social media as a platform to harm, intimidate insult, threaten, defame or embarrass others.
Personal Devices
- Avoid the use of personal devices for company purposes.
Cloud use
- for data transfer instead of portable devices (USB, memory cards etc).
- for routine/daily tasks in order to enhance mobility of the information, reduce the need for backups, as well as to enhance security of information.