
CYBER SECURITY POLICY

The Mobile Bookkeeper WA Pty Ltd is committed to protecting the confidentiality, integrity, and availability of information entrusted to us. This Cyber Security Policy outlines our expectations and responsibilities regarding digital security.
 

1. Purpose

  • To establish principles and guidelines that safeguard our business systems and client data against cyber threats.

 

2. Scope
  • This policy applies to all employees, contractors, volunteers, and third-party providers who access company systems or data.

 

3. Roles and Responsibilities
  • Director/Principal: Oversees implementation and review of cyber security measures.

  • All Users: Must comply with this policy and report any suspicious activity.

 

4. Access Control
  • Access to systems and data is granted based on role requirements.

  • Access is revoked promptly upon contract termination or role change.

 

5. Passwords & Multi-Factor Authentication (MFA)
  • Strong passwords must be used and never shared.

  • MFA is required for all cloud-based platforms (e.g. accounting software, email, cloud storage).

 

6. Device Security
  • All devices must be protected with screen locks and antivirus software.

  • Business data must not be stored on personal devices unless approved.

 

7. Data Protection & Encryption
  • Sensitive data is stored in secure, encrypted cloud environments.

  • No client data is to be shared via unsecured channels (e.g., SMS, public Wi-Fi).

 

8. Network Security
  • a. Firewalls & Antivirus: Firewalls are enabled on all devices. Antivirus programs are regularly updated.

  • b. Secure Remote Access: VPNs or secure platforms must be used when accessing systems remotely.

  • c. Wireless Networks: Only password-protected Wi-Fi networks may be used. Public Wi-Fi is prohibited for sensitive tasks.

 

9. Software Updates & Patch Management
  • Systems and software are kept up to date with the latest security patches.

 

10. Backups & Recovery
  • Business-critical data is backed up regularly and stored securely offsite or in the cloud.

  • Backup integrity is tested periodically.

 

11. Incident Response & Reporting
  • All suspected cyber incidents must be reported immediately to the Director.

  • Incidents are logged and reviewed to prevent recurrence.

 

12. Training & Awareness
  • All users receive ongoing training on phishing, password safety, and secure practices.

 

13. Policy Review & Maintenance
  • This policy is reviewed annually or following a significant cyber event.

 

14. Alignment with Frameworks
  • We align our practices with the Australian Cyber Security Centre’s Essential Eight strategies and refer to ACSC guidance where applicable.

 


Last Updated: May 2025
