IT Security Policy

Our approach to data security and privacy

How we protect our company and clients

download word document
As a digital marketing agency, we take the security and confidentiality of our sensitive company data and that of our clients very seriously.

This policy details the measures we have in place to mitigate cybersecurity risks and protect against cyber threats and attacks. By following these guidelines, we maintain a secure and trustworthy environment for our business and our clients.

Protocol Global Ltd uses Google Workspace, an all-in-one suite of cloud-based productivity tools that provide a secure and reliable environment for businesses to operate in. Google Workspace provides a range of advanced security features, such as 2-factor authentication, data loss prevention, and robust encryption, which help to safeguard our sensitive company data and that of our clients. The security benefits of Google Workspace are backed by rigorous compliance standards, including ISO 27001, SOC 2, and GDPR, which ensure that our data is protected against unauthorized access, cyber threats, and attacks. By using Google Workspace, we can operate efficiently while maintaining the highest standards of IT security.

Our security guidelines and processes:

1. Access Control:

Access to our computer systems, networks, and data is strictly controlled, and employees are only given access to the systems and data that they need to perform their job functions. Our team never their login credentials or grant access to anyone else. 

2. Password Security:

Passwords are a critical aspect of our IT security policy. We create strong passwords and update them regularly. We recommend using a password manager to generate and store complex passwords securely. In addition, all devices must have biometric authentication and/or two factor authentication enabled if available.

3. Internet Use:

Employees are required to use Google Chrome or Apple Safari to access cloud systems. Google Chrome is the most secure browser available, and it provides a range of advanced security features such as phishing protection, sandboxing, and automatic updates to protect against known vulnerabilities.

In addition, Chrome is designed to be fast, stable, and compatible with the latest web technologies, which ensures that our employees can access and use software platforms such as Gmail, GA, Hubspot and Eloqua quickly and efficiently. By using Google Chrome, we can reduce the risk of security breaches, protect our sensitive data, and maintain a secure and productive work environment. Other browsers can be used as part of QA and testing for inhouse or client projects.

4. Email Security:

We only use Google Gmail for company communications with credentials.

To access Google Mail, employees use the official Gmail app on their mobile devices, the web-based Gmail client on their desktop computers via Google Chrome. These email clients provide a range of advanced security features, including encryption, spam filtering, and phishing protection, which help to safeguard our sensitive company data and that of our clients.

To ensure the security of our email communications, all employees must follow these guidelines:

• Use a strong password: Employees must use a strong, unique password for your Gmail account and never share it with anyone. You should also enable 2-factor authentication for an extra layer of security.

• Be cautious of suspicious emails: Employees should be vigilant and avoid clicking on links or downloading attachments from suspicious or unknown senders.

• Avoid sending sensitive information: Employees must strictly avoid sending any sensitive information, such as names, addresses, personally identifiable data, passwords, or credit card numbers, via email. If necessary, they should use a secure file transfer protocol or other secure communication channels such as password protected Google Drive links.

• Keep email communications professional: Employees should ensure that their email communications are professional and appropriate. They should avoid using offensive language, making personal attacks, or engaging in any other behaviour that could be considered harassment or discrimination.

• Keep the email client up to date: Employees must ensure that they are using the latest version of the Gmail app or web-based client to benefit from the latest security features and bug fixes.

• By following these guidelines, our employees can help to maintain a secure and trustworthy email environment for our business and our clients.

5. Cloud Storage and File Management:

We use Google Drive for document management and storage, backups, and version control. All documents containing sensitive company data or that of our clients must be encrypted and password-protected before uploading to Google Drive. We only access Google Drive from a safe private space and not in public spaces.

It is important to understand how we use Google Workspace to control access to different folders and files, control access, collaboration, and sharing, and maintain security between teams and clients. We use Google Drive for real-time backups, version control, and to ensure that all important files are accessible from anywhere. With Google Workspace, managers can provide access to projects as required, and each team member can be given access to the specific files and folders they need. By using Google Workspace, we can collaborate effectively while maintaining the security and privacy of our clients' sensitive data.

6. Firewall:

All company devices must have active router and device level firewalls to protect against cyber threats and attacks.

7. Screen Timeouts and Locks:

All company devices running on Windows 10, 11, or Android, iOS, Mac OSX must have screen timeouts and locks enabled after a specified period of inactivity to prevent unauthorised access.

8. Remote Working:

When working from home or while traveling, we ensure that workspaces are secure and free from distractions. We ensure that any Wi-Fi networks we use are secure and that VPN protocol are used to access company systems.

9. Client Data Privacy:

We do not store the data of our clients' clients. We do not download or share our customers' contact data.

10. Device Updates:

All company devices running on Windows 10, 11, iOS or Mac OSX have the latest patches and updates installed to ensure they are protected against known vulnerabilities.

11. Access to MaaS cloud platforms

We take the management, access, and control of our clients' logins to their instances of marketing platforms such as Oracle Eloqua, Google Analytics, LinkedIn, Hubspot, Wordpress, Salesforce, and more very seriously. We are diligent in ensuring that we never download any content or data onto our own systems and follow good IT security hygiene practices to protect our clients' sensitive information. We use secure, complex passwords for all login credentials and recommend that they are stored in a secure password manager. Access to these platforms is only granted to team members who require it to complete their job functions, and we monitor access logs to ensure that there is no unauthorized access.

12. Screen share and virtual meetings

When participating in screen sharing and meetings using tools such as Google Meet, Microsoft Teams, and Zoom our team adheres to these polices:

- Be mindful of what you share on your screen, ensuring that no sensitive or confidential data is displayed.
- Protect your privacy and maintain a professional appearance by obscuring your background if possible.
- Be inclusive and respectful of all participants, using appropriate language and tone.
- Protect yourself, your company, your client, and any other participants on the call by adhering to the principles in this document.

- Never show any sensitive or confidential data on your screen.
- Avoid sharing any inappropriate messages or content on chat during the call.
- Don't forget to protect your privacy by obscuring your background.
- Never use inappropriate language or tone during the call.
- Avoid any actions that could compromise the security of yourself, your company, your client, or any other participants on the call.
- Never demand to see a participant’s camera or background

All employees of Protocol Global Ltd follow this IT Security Policy to ensure that we maintain a secure and trustworthy environment for our business and our clients. 
+44 (0) 203 755 3511

London / Milton Keynes
Registered Head Office: Protocol Global Ltd, 16 Upper Woburn Place, Bloomsbury, London, England, WC1H 0AF
Registered in England Number 9502225. Copyright Protocol Global Ltd 2014-2023 – All rights reserved. 

‘Protocol’ and ‘Protocol Empowering Marketers’ are both registered Trademarks of Protocol Global Ltd.