Purpose

Hire Culture is committed to protecting client information, company information, and the systems used to support our Remote Team Members (RTMs), employees, contractors, and clients.

The purpose of this policy is to establish minimum security awareness training requirements and security expectations for all personnel working through or on behalf of Hire Culture.

Scope

This policy applies to:

• All Hire Culture employees

• All Remote Team Members (RTMs)

• Independent contractors engaged by Hire Culture

• Temporary workers or consultants with access to company or client information

Policy Statement

All personnel are responsible for maintaining the confidentiality, integrity, and security of company and client information.

Security awareness training is required to ensure individuals understand common security risks and their responsibilities in protecting sensitive information.

Training Requirements

New Hire / Onboarding Training

All personnel must complete security awareness training during onboarding before receiving access to company systems, client systems, or sensitive information.

Training Topics Include:

• Confidentiality obligations

• Password security requirements

• Phishing and social engineering awareness

• Safe email practices

• Secure file-sharing practices

• Device security expectations

• Reporting suspicious activity

• Protection of client information

Completion of onboarding security training will be documented as part of the onboarding process.

Ongoing Refresher Training

All personnel must participate in security awareness refresher training at least annually.

Additional Training May Be Required If:

• Significant security threats emerge

• Company policies change

• A security incident occurs

• A client requires additional security training

Refresher training may be delivered through:

• Live training sessions

• Recorded training modules

• Written security updates

• Company growth and development meetings

Phishing and Social Engineering Awareness

Personnel must remain vigilant against phishing attempts and social engineering attacks.

Examples Include:

• Suspicious emails requesting passwords

• Unexpected links or attachments

• Requests for financial information

• Messages impersonating company leadership, clients, vendors, or coworkers

Personnel Are Expected To:

• Verify suspicious requests before responding

• Avoid clicking unknown links

• Avoid opening unexpected attachments

• Report suspicious communications immediately

No employee or RTM should ever share passwords through email, chat, text message, or other unsecured channels.

Password and Account Security Requirements

Personnel must follow the password security standards outlined below.

Password Requirements

• Use unique passwords for business accounts

• Create passwords that are difficult to guess

• Avoid using personal information in passwords

• Change passwords immediately if compromise is suspected

Multi-Factor Authentication (MFA)

Where available, MFA should be enabled for:

• Email accounts

• Company systems

• Client systems

• Cloud storage platforms

Account Sharing

The sharing of usernames, passwords, authentication codes, or account credentials is strictly prohibited unless explicitly approved and documented.

Device and Workspace Security

Personnel are expected to:

• Lock devices when unattended

• Use antivirus and security software where applicable

• Maintain updated operating systems and software

• Avoid using unsecured public Wi-Fi when accessing sensitive information

• Store company and client information only in approved systems

Confidentiality Expectations

All personnel are required to protect confidential information belonging to:

• Hire Culture

• Hire Culture clients

• Prospective clients

• Fellow RTMs and employees

Confidential Information May Include:

• Client business information

• Customer data

• Financial information

• Proprietary processes

• Login credentials

• Internal company communications

Personnel may only access information necessary to perform their assigned responsibilities.

Confidential information may not be disclosed, copied, shared, or distributed without authorization.

These obligations remain in effect after termination of employment or engagement with Hire Culture.

Reporting Security Concerns

Personnel must immediately report:

• Suspected phishing attempts

• Lost or stolen devices

• Unauthorized account access

• Suspected data breaches

• Security incidents involving client information

• Any activity that may compromise company or client data

Reports Should Be Submitted To:

Hire Culture Leadership Team

[email protected]

Leadership will investigate reported concerns and take appropriate action.

Policy Violations

Failure to comply with this policy may result in:

• Additional training requirements

• Removal of system access

• Disciplinary action

• Termination of employment or engagement

• Client notification where required

Acknowledgment

All personnel must acknowledge that they have reviewed and understand this Security Awareness Training Policy as part of onboarding and ongoing employment or engagement with Hire Culture.