Posted At: Dec 30, 2025

As CEO, I’m not writing this as a policy update — I’m writing it as a responsibility.
In 2025, 94% of successful cyberattacks begin with human error — a clicked link, a shared password, an unverified call. It takes one mistake to compromise our client data, financial systems, or reputation.
This isn’t about blaming individuals. It’s about empowering every one of you — from interns to managers — with the clarity to act safely, every single day.
Here are 5 non-negotiable security rules for all staff, effective immediately:
Rule 1: No Work Data on Personal Devices — Ever
Using WhatsApp to share client files, saving project docs on personal Google Drive, or taking screenshots of internal dashboards may seem convenient — but they bypass our security controls entirely.
✅ Do this instead:
- Use only company-approved tools: Microsoft Teams, OneDrive (with encryption), or hSECURITIES-issued devices.
- If you must access work remotely, use the company VPN — no exceptions.
- Wipe work data from personal phones/laptops before leaving employment.
Why it matters: A single leaked document can trigger regulatory fines, client lawsuits, and reputational damage.
Rule 2: Treat Every Unexpected Call or Message as Suspicious
Last quarter, a department head received a call from “IT Support” asking for their Microsoft 365 login to “fix a sync issue.” It was a deepfake voice. We stopped it — but not before credentials were entered.
✅ Verify before you act:
- If someone asks for login, OTP, or file access — call them back on their official office number, not the one they provided.
- Never share passwords, even with “IT” or “HR.” We will never ask.
- Report suspicious messages to security@hsecurities.in within 5 minutes.
Remember: Urgency is the scammer’s weapon. Real teams give you time to verify.
Rule 3: Lock Your Screen — Every. Single. Time.
Walking away from your desk for coffee, a meeting, or lunch? If your screen is unlocked, anyone can access payroll data, client emails, or internal tools.
✅ Make it automatic:
- Set screen lock to activate after 1 minute of inactivity.
- Use Win + L (Windows) or Ctrl + Cmd + Q (Mac) as a muscle-memory habit.
- In shared spaces (conference rooms, co-working zones), physically close your laptop.
This isn’t paranoia — it’s professionalism.
Rule 4: No USB Drives from Outside — Period
Free USB drives at conferences, “gift” drives from vendors, or even borrowed drives from colleagues are among the top infection vectors for ransomware.
✅ Safe alternatives:
- Share files via OneDrive links (password-protected, expiry set)
- Use company-issued encrypted USBs (available from IT on request)
- Scan any external device with Malwarebytes before opening — but better: avoid entirely.
One infected drive can encrypt our entire shared drive in under 90 seconds.
Rule 5: Report — Don’t Hide — Mistakes
Clicked a phishing link? Sent a file to the wrong person? Installed an unapproved app?
Do not panic. Do not delete evidence.
✅ Immediately:
- Disconnect from Wi-Fi/Ethernet
- Call the Security Lead (Ext. 505) or email security@hsecurities.in
- Say: “I need a security assist — no blame, just help.”
We have a no-punishment policy for timely self-reporting. Cover-ups cost us far more than honest errors.
Final Note from the CEO
Security isn’t IT’s job. It’s everyone’s job — because every one of you holds a piece of our trust.
These 5 rules take seconds to follow — but they protect our clients, our business, and each other.
I’m counting on you.
— Gurveer Singh
Founder & CEO, hSECURITIES




