Cybersecurity Policy
This policy establishes strict security guidelines to protect Peak Processing Solutions from cybersecurity threats, data breaches, and unauthorized access. It also defines the formal process for requesting IT access, ensuring that all requests follow a structured approval workflow.
Scope
This policy applies to all employees, contractors, and third-party vendors with access to the company’s IT infrastructure, including:
- Company-issued devices (laptops, desktops, mobile phones)
- Microsoft 365 services (Email, SharePoint, Teams, OneDrive)
- Epicor ERP and internal business applications
- VPN and remote access tools
Failure to comply with this policy may result in disciplinary action, including revocation of access privileges.
1. Phishing and Cyber Threat Prevention
Identifying Phishing Emails
Phishing is a fraudulent attempt to steal sensitive company information. All employees must remain vigilant against:
- Emails requesting login credentials, financial transactions, or confidential information
- Urgent messages claiming account suspension or legal consequences
- Unexpected email attachments or links to external login pages
- Emails from unknown senders or addresses that appear suspicious
- Spelling and grammar mistakes, poor formatting, or unprofessional language
Reporting Phishing Emails
If an employee receives a suspected phishing email, they must:
- Not click any links or open attachments
- Not reply to the sender
- Report the email immediately by:
  - Clicking "Report Phishing" in Outlook
- Delete the email from the inbox
If an employee accidentally interacts with a phishing email, they must notify IT immediately.
2. Password and Multi-Factor Authentication (MFA) Requirements
All employees must adhere to the following security protocols:
Password Standards
- Passwords must be at least 12 characters long and include uppercase and lowercase letters, numbers, and symbols
- Passwords must not be reused across multiple accounts
- Employees must never share passwords with anyone, including IT employees
Multi-Factor Authentication (MFA) Requirements
- MFA is mandatory for accessing Microsoft 365 services.
- Employees must use the Microsoft Authenticator app or a security key for MFA
- If an employee receives an unexpected MFA prompt, they must deny the request and report it to the IT team.
Any employee found violating password or MFA requirements will be subject to immediate security review.
3. Device Security and Network Usage
Company-Issued Devices
Employees are required to:
- Lock their workstation when stepping away (Windows + L)
- Refrain from installing unauthorized software or using personal USB devices on company computers
- Keep devices updated with all IT security patches and software updates
- Use only company-approved cloud storage and communication tools
Remote Work and VPN Use
Employees working remotely must:
- Use the company-approved VPN to access internal systems such as Avigilon
- Avoid accessing company data from personal devices unless explicitly approved by IT
- Never connect to company systems using public Wi-Fi without a secure VPN connection
Failure to follow device security and network policies may result in removal of remote access privileges.
5. Reporting Security Incidents and System Issues
All security incidents, unauthorized access attempts, and system malfunctions must be reported immediately.
- Cybersecurity Incidents (Phishing, Account Breaches, Unauthorized Access): Contact Basel (Cybersecurity Lead) at belhamaida@peakprocessing.com
- Epicor ERP development, Epicor access changes: Contact Tim (Epicor Lead) at tpyne@peakprocessing.com
- General IT Requests (Software, Equipment, VPN, Microsoft 365 Access): Submit a Help Desk Ticket or send an email to ITsupport@peakprocessing.com.
All lost or stolen company devices must be reported within 24 hours to IT Security.