Security and governance

Securing our internal environment

To ensure the security of Simana and all stakeholders, we prioritize the security of our internal environment. We strictly follow best practices, ensuring that security is ingrained in every aspect of our operations. 

Standards and accreditations

Cyber Essentials is an effective, Government-backed scheme that helps protect our organisation against a whole range of the most common cyber-attacks.

Securing our team’s endpoint devices

All team members at Simana who have access to our internal network must connect using a device that has been enrolled in our Mobile Device Management (MDM) cloud service. This enables our security team to make sure all mobile devices connecting to our network meet our enforced security requirements, which include configurations such as encryption, device password, anti-malware software, multi-factor authentication, OS versions and more.

Applications that our team relies on to operate and perform internal tasks are kept automatically updated with the latest security patches. Malware scans are executed daily on applicable endpoint devices to capture and eliminate any potential threats via real-time protection.

Enrolled endpoint devices which trigger our compliance policies are labelled as non-compliant indefinitely. Team members who are in control of non-compliant devices will be immediately notified and instructed on how to rectify their non-compliant status as soon as possible. Access to the internal network will be restricted if the assigned compliance rectification instruction has not been actioned within a strict timeframe.

Managing access to our systems and services securely

Simana has a well-defined process for provisioning team member access for all systems used in business-as-usual (BAU) operations. We follow a role-based access control approach, fortified by the principle of least privilege for all team members. Requests for advanced permissions on selected applications must go through a permission request workflow whereby the request is reviewed and then signed off by the application’s appointed Super-user.

Advanced system permissions are reviewed at a regular cadence to mitigate the risk of falling short of the principle of least privilege.  

Access to all BAU systems also requires multi-factor authentication, which is enforced as a mandatory step in the sign-in process.

Security awareness

All Simana team members go through security awareness training from day 1 of employment, and this is revisited and renewed annually. Training topics range from phishing awareness to keeping an enrolled device secure, data protection and beyond.

Our security personnel are always available and easy to reach via our instant messaging software or intranet, which encourages healthy conversations about best security practices and support for the entire team.

We also run a phishing attack simulation program, integrated in our security service, against our unsuspecting team. This sharpens everyone's senses and resistance to the very phishing attacks they will undoubtedly be on the receiving end of at some point.

Background checks

We want to hire people who will go on to positively shape the security-embedded culture we have built. Background checks are performed, as permitted by local laws, on all new hires to aid in this process. Depending on the role, background checks may include criminal history checks, education verifications, employment verifications, and credit checks. 
