Skip to main content

Systems & Securities Policy

Currently under review

Telephone & Email

  • Email signatures must conform to our company standard signature. If in doubt, please speak with the office manager.
  • If the Company subsidizes your cell phone contract and/or if you give out your cell phone number to business clients or contacts, please ensure that you record a professional greeting on your mobile voicemail. This does not need to include our firm’s name, however, at a minimum, you should include your first and last name and when you expect to be able to return the call.
  • When you are away from the office or not intending to answer work-related voicemails, record an appropriate out-of-office message and/or activate your automated ‘out of office reply’ stating the dates of your absence and appropriate contact information for clients during your absence.

System Security

General system security practices at George & Bell include the following:

  • Be sure to validate the source of all email attachments prior to opening.
  • If considering emailing confidential data (as an attachment), see Section 3 below. If considering transferring such confidential data to a work colleague internally by email, the same procedures as “external” (below) must be followed; alternatively (and preferably), you may send a file link to our server by email.
  • Immediately report any concerns about computer or file server / network to IT Support and please copy your responsible partner.

Transferring / Receiving Data Between G&B & External Entities

George & Bell uses LiquidFiles to send and receive files that include confidential data[1] in a convenient and secure manner. This web-based application’s primary purpose is to replace insecure methods (email, postage, etc.) of moving confidential information between George & Bell and its clients.

Features include:

  • Send confidential files to a client using LiquidFiles’ build-in mailer interface or by sharing a link.
  • Request files from a client. The client sees a simple and easy-to-use interface for uploading the requested file. No signup is required on the client's part.
  • Provide a permanent URL to clients who regularly need to upload confidential files.
  • Store a collection of files accessible by any team member for easy distribution.

Each employee receives an email from LiquidFiles asking to complete the signup process. If you did not receive this message please email IT Support.

To access the LiquidFiles service, go to and bookmark: https://transfer.georgeandbell.com. For information on how to use LiquidFiles please see LiquidFiles’ User Guide.

[1] Confidential data is secret and valuable. Common examples are:

  • Unpublished financial information
  • Personal data of clients/partners/vendors/members (e.g., files including names, SINs, addresses, health information, etc.)
  • Client lists (existing and prospective)

Working from Home & Security

To ensure the security of our client data and related information, work must only be performed on George & Bell-owned computers / laptops[1]. If you are not physically in the office, access client files through a secure VPN connection (from your George & Bell computer only).

Furthermore:

  • Please ensure that when you leave the office, you either take your laptop with you or lock it in your desk or some other secure location. Similarly, when working from other locations, care should be taken as to the accessibility of your laptop by non-G&B employees.
  • If working from the office, it is up to the employee as to whether you take your laptop home every night. We encourage employees to take their laptop home if:
    • There’s a good chance that getting to the office the next day may be an issue;
    • It would be beneficial for their health/the health of the office to work from home the next day; or
    • There are other reasons why working from home would be beneficial to the employee/the office.

[1] If you need to conduct work and you do not have access to a George & Bell computer and VPN connection, you should contact your manager or a Partner to discuss how to proceed.

Physical Security

  • Lock your screen when you temporarily leave your computer (hold windows button and hit “L” on keyboard).
    • The same considerations with respect to the security of your laptop, as described above, apply to any cellphone you use for work purposes, in particular if such cellphone includes work-related emails, messaging apps (e.g., Microsoft Teams), client files, etc.
    • “Locking screens” requires that a “strong” password must be used to regain access. [Note: a strong password on your cellphone is not four digits.]
  • Ensure all doors to our office are always kept locked (including front, side, and patio doors).
  • Do not lend your office key or building passes to any non-G&B employees.
  • Should you notice suspicious persons loitering on our floor or near our office, contact Building Security immediately (778-838-8625).
  • All office desks are to be cleaned at the end of each day and any physical files are to be locked in a drawer at the end of the day.
  • Report stolen or damaged equipment to the office manager and our IT Consultant as soon as possible.
    • All account passwords should be changed at once when a device is stolen; contact our IT Consultant for further instructions.
  • Review the COVID-19 Workplace Safety Policy for safety/security recommendations specific to the COVID-19 pandemic.

Archiving

·         To remove and secure past email messages which may have contained sensitive and/or confidential information from Microsoft Office 365, please configure and enable the AutoArchive feature within Microsoft Outlook.

·         Once enabled, all email messages older than 6 months will be removed from your Microsoft Office 365 account and stored locally within a PST file on your laptop. It will be accessible even if you are not connected via VPN and it will also be backed up (as it is stored within Documents which gets synchronized with the file server anytime the VPN is connected). Email messages stored within the archive will no longer be accessible via your mobile device or through a web browser; only via your Outlook client.

·         Please refer to the Configuring AutoArchive guide to walk you through the set-up process.

Phishing

To further enhance the firm’s cyber defenses, increased attention should be paid to some very common types of cyber-attacks. “Phishing” is the most common type of attack that affects organizations. The goal of these attacks is getting you to share sensitive information such as login credentials, credit card information or other sensitive information. Listed below are a few tips to help you spot such attempts.

  1. Do not click on any links or attachments from senders you do not recognize.
  2. Do not provide sensitive personal information such as usernames, passwords, or credit card information over email/text/messaging apps.
  3. Inspect URLs carefully to make sure they are legitimate.
  4. Always check the sender’s email address to confirm that no alterations have been made such as additional numbers, letters, or a different domain.
  5. Many phishing emails also contain a lot of spelling and grammar errors.
  6. Do not try to open documents that you are not expecting to receive.
  7. Rely on our message header (see below) that shows if the email is from an external sender. If the sender is purporting to be someone who works for George & Bell, their message will NOT have this header.
  8. Written instructions/directions from fellow G&B team members will generally be sent to you via email or Microsoft Teams. It is very rare that you would be given instructions (particularly instructions to purchase goods/services or grant access to our server or confidential client information) through any other applications (like FB messenger, WhatsApp, Signal, etc.) If you do receive instructions via this medium, you should confirm by speaking to the sender in person before acting on any instructions.
  9. If you are unsure about any instructions received by e-mail or Microsoft Teams from a G&B team member, call that person or ask your manager for help.
  10. Let your instincts and common-sense help protect you.

All employees will be required to complete information security training upon hire. Furthermore, all employees will be subject to ongoing phishing testing on a regular basis and the results of the same will be reported to the partners for further action as necessary.

Please do not hesitate to contact IT Support if you have any concerns regarding an email or attachment.


Back to top