Cybersecurity Policy

January 2025

Cybersecurity Policy Implementation at Uruvan

1. Risk Management Uruvan engages external advisory services to assess and manage cybersecurity risks. These services provide insights on emerging threats such as ransomware and phishing, as well as best practices for password management. Recommendations include implementing DNS security tools, antivirus solutions, browsing activity monitoring, and secure authentication methods.

2. Secure Configuration IT maintenance is outsourced, ensuring periodic and on-demand visits, as well as remote assistance. Software updates are performed regularly, and manual antivirus scans are conducted. The company’s management system is supported continuously, with access levels updated per management requests.

3. Home and Mobile Working Remote access to the management system is secured through IPSec VPN tunnels with pre-shared keys. Information stored in Google Workspace requires two-step verification for access. In case of device loss or theft, credentials are immediately changed. No sensitive data is stored on local devices or workstations.

4. Incident Management Google Workspace configurations allow data restoration for up to 25 days. Database backups are performed daily, both locally and remotely on Google Drive, ensuring immediate access to backed-up information.

5. Malware Prevention In addition to Google’s built-in security measures, Uruvan employs ESET PROTECT Entry E2015 antivirus software, with a license valid until June 2026 for all devices. DNS FlashStart is used to filter and block malicious content across all networks.

6. Managing User Access Access permissions are managed via Google Workspace’s admin console and Active Directory (Windows Server) by technical personnel upon request. Uruvan’s HR department communicates necessary account changes, including new hires, terminations, and modifications.

7. Monitoring The company operates with a simplified on-site infrastructure, consisting of a single physical server, while most data is hosted on Google’s servers. Current efforts focus on incident prevention and maintenance until full migration is completed.

8. Network Security Corporate antivirus tools and DNS FlashStart are implemented for network protection. The latter continuously updates blacklists to block malicious sites and allows custom content blocking. Employees receive training on cybersecurity best practices, including fraud and ransomware prevention.

9. Removable Media Controls Company policy strictly prohibits the use of removable storage devices of any kind to prevent unauthorized access and data leaks.

10. Accountability, User Education, and Awareness Uruvan invests in training programs on secure information handling and proper use of company tools, provided by specialized firms such as NST.

This document outlines the cybersecurity policies implemented at Uruvan to ensure data protection and operational security.