Cybersecurity is an ever-increasing priority for organisations worldwide as we become more reliant on online IT systems and devices to conduct business.

To assist our customers, here is a basic template Cybersecurity and Social Media Policy to get you started, which you are free to use and edit. Our consultants can also assist further with a tailored comprehensive policy for your business.

Cybersecurity and Social Media Policy Template

This policy provides information to employees as to their responsibilities for protection of the company’s technology and information assets, including computing hardware, system software, data, applications and communications systems.

  1. Passwords
    1. Employees must comply with the Employee Password Policy.
    2. Upon termination of employment, passwords and user access will be suspended or deactivated.
  2. Email
    1. Company email addresses are only to be used or shared with third parties for the purpose of conducting the company’s business. They are not to be used for personal or non-business purposes.
    2. Emails and attachments are to be treated with due caution where received other than from known and trusted contacts.
    3. Any suspicious looking emails are to be reported to the IT department and/or deleted. Employees must not click on any hyperlinks or open any attachments contained in such emails.
  3. Company data
    1. Confidential data of the company includes, but is not limited to, financial information about the company or its business, customer data, data about partners and vendors, customer and contact lists, and data relating to the company’s business processes.
    2. Employees are responsible for any confidential data of the company used and/or stored on their accounts or devices and they are not to make any copies of such data or distribute it to third parties without the company’s authority.
    3. Any internal transfers of the company’s confidential or other data are to utilise the company’s network or other methods approved by the company.
    4. Employees are to access company data or accounts only by secure networks and using hardware provided or approved by the company and monitored by the company’s cybersecurity provider.
  4. Computers and devices
    1. Employees are to lock or shut down computers and mobile devices when they are not in use, with automated locking screens set to activate when they may be left unattended.
    2. All mobile computers, devices and storage drives are to be secured when not in use.
    3. Any theft or loss of such equipment as is used to access or store any company data or accounts is to be immediately reported to the IT department.
    4. Employees are to ensure that available security updates are regularly installed on such devices and that they are running such antivirus and security software as is prescribed by the company. Any issues are to be reported to the IT department.
  5. Social media
    1. Employees must not post or publish anything on social media which is directly or indirectly disparaging of the company or any of its employees, customers or suppliers.
    2. In the use of their social media profiles or platforms, employees must not post or publish anything which purports to represent the company or the views of the company, unless they have been authorised to do so.
  6. Cybersecurity incidents
    1. Employees must immediately report any cybersecurity breaches or suspected breaches to the IT department.
    2. In the event of any cybersecurity breaches, employees must follow all related directions of the IT department.


This page provides general information as a guide only, to be used at your sole risk. It does not constitute legal or other professional advice and you should seek such advice specific to your circumstances in implementing any workplace policies.