Cyber and Privacy Quick Guide

At Handcrafted, we rely on electronic devices to communicate and store information all the time. However, this comes with some risks. Not only do our devices hold a lot of personal information about us but also we are privileged to have private information about individuals whom we have a duty to keep safe.

The standards of safety and fair use that you may apply in your everyday personal use of phones, laptops and PCs may be less stringent than those expected of you in your work for Handcrafted. Whether you are using your own device or one provided by Handcrafted, you are expected to adhere to the following guidelines. For full details, please refer to the Cyber Policy.

Acceptable Use of Devices

• Device and Systems Access: You may use mobile phones, laptops, and other approved devices to access Handcrafted systems such as email, documents, and cloud-based services. Only access systems and data you need for your role.
• Driving Restrictions: Do not use devices while driving unless completely hands-free. Texting or emailing when driving is prohibited.

• Use Devices Responsibly: Devices should be used in line with Handcrafted’s values. Internet use must be professional and lawful.

Cybersecurity Measures

• Lock Devices Automatically: Devices should automatically lock when idle (ideally after five minutes).
• Antivirus: Ensure antivirus and firewall features are enabled. These will already be configured on all work devices.
• Data Protection: Do not store sensitive trainee details in an identifiable way on personal devices. Use initials or first names only where needed.

• Software Updates: Keep all software and operating systems up to date with security updates wherever these are made available.
• Downloading New Apps: Seek permission before downloading new apps or software for use as part of your work and remove any apps you no longer use.
• Authentication: Wherever available, enable two-factor authentication (2FA) on cloud and email accounts.

Password Security

• Password Length: Use passwords with at least twelve characters, mixing upper- and lower-case letters, numbers and symbols. Phones may be unlocked using a pattern, fingerprint, or face ID feature – patterns should use at least 6 points.
• Unique Passwords: Each Handcrafted account must have a unique password. Never reuse personal passwords for work accounts.

• Keep Passwords Private: Never share your password with anyone else.
• Protect Passwords: Avoid writing passwords down or storing them where they can be easily accessed.
• Phishing: Be wary of phishing attempts and other attempts to steal passwords.
• Change Passwords:  If you suspect a password is compromised, change it. You don’t need to change your passwords regularly unless they are compromised.

Risks and Reporting

• Report Lost Devices: Tell your manager and the Support Systems Officer immediately if a device is lost, stolen or compromised.
• Report Security Concerns: Tell your manager and the Support Systems Officer immediately if you suspect a security breach, such as unusual logins, unauthorised access, or malware.

• Act Quickly: The earlier you report any incidents, the easier it is to mitigate any risks.

Social Media and Online Conduct

• Personal Use: Occasional personal use of social media is allowed as long as it doesn’t interfere with work duties or involve inappropriate content. Be aware that your use of Handcrafted systems, including email and social media, may be monitored.
• Work-Related Use: If you use social media as part of your job, ensure you have the appropriate authorisation and comply with all relevant policies.
• Prohibited Actions: Do not make defamatory statements, share personal information without permission, harass others, breach data protection laws, or disclose confidential information. Always make it clear when you are expressing personal views and not those of Handcrafted.
• Reporting Misuse: Any misuse of social media should be reported to Dan Northover.