Data Security Policy

At Western International College (WINC), we place the highest priority on the safety and security of our community members. Through unwavering dedication to data protection and cybersecurity, we implement industry-leading measures in website development, including secure coding and robust HTTPS encryption, to safeguard sensitive information. Regular software updates and strong authentication protocols bolster our defence against potential cyber threats, creating a secure and dependable online learning environment for all students, faculty, and staff.

To ensure ongoing vigilance, we employ advanced firewalls and intrusion detection systems that continuously monitor our network, promptly identifying and addressing any suspicious activities. Our stringent data encryption measures, both at rest and during transmission, provide comprehensive protection for confidential data. Moreover, we implement multi-factor authentication (MFA) for Zoom and email services to enhance security and prevent unauthorised access. We are committed to empowering our community through user education and continuous training, fostering a culture of cybersecurity awareness and preparedness. At WINC, compliance with data protection regulations is paramount, and we remain resolute in our mission to maintain a safe, trusted, and conducive digital platform for the success and well-being of all our valued stakeholders.

Secure Website Development: We use secure coding practices and follow OWASP guidelines to minimise vulnerabilities in our website’s code. Regular code reviews and security testing are conducted to ensure ongoing integrity.

HTTPS Encryption: We encrypt all data transmitted between the user’s browser and our website using SSL/TLS protocols. Our SSL certificates are validated and up-to-date to provide a secure browsing experience.

Regular Software Updates: We keep all software, including our CMS and plugins, up to date to patch any known security vulnerabilities. Automatic updates are enabled to ensure timely protection.

Strong Authentication Mechanisms: We implement strong password policies and encourage our users to use multi-factor authentication (MFA). MFA options include SMS, authenticator apps, and hardware tokens.

User Permissions and Access Control: We implement role-based access control (RBAC) to ensure our users have appropriate access levels. Access reviews are performed regularly to prevent unauthorised access.

Data Encryption: We encrypt sensitive data, both at rest and during transmission. Advanced encryption algorithms like AES-256 are used to protect user information.

Firewalls and Intrusion Detection Systems (IDS): We set up firewalls to monitor and control network traffic and use IDS to detect and respond to potential security breaches. Firewall rules are continuously updated based on emerging threats.

Regular Security Audits and Vulnerability Scanning: We conduct periodic security audits and vulnerability scanning to identify and address weaknesses. External third-party audits are also conducted to ensure impartial assessment.

User Education: We train our website users about cybersecurity best practices, such as identifying phishing attempts and protecting their login credentials. Regular security awareness newsletters are sent to keep users informed.

Privacy Policy and Compliance: We clearly state our website’s privacy policy and ensure compliance with relevant data protection regulations. Privacy impact assessments are performed for new features and functionalities.

Legal Requirements: We disclose personal information where required by law or where necessary to protect the rights, safety, or property of our users. Requests for data disclosure are evaluated carefully before we comply with them.

Data Security: We implement industry-standard security measures to protect personal information from unauthorised access or loss. Access to sensitive data is restricted to authorised personnel only.

Data Retention: We retain personal information for as long as necessary, in accordance with our Privacy Policy or legal requirements. Data deletion policies are followed to maintain compliance.

Physical Isolation: We implement physical isolation measures to secure our staff network from unauthorised access. Access to server rooms is restricted, and surveillance cameras are installed.

Network Segmentation: We separate our staff network from other networks to protect sensitive information. VLANs and network segmentation ensure better control over data flow.

Active Directory and Protected Folders: We use Active Directory to manage user accounts and access permissions within our staff network, and we apply appropriate permissions to protected folders and files. Active Directory Group Policy is used to enforce security settings.

MAC Address Authentication: We implement MAC address-based authentication for staff devices to restrict access to trusted devices only. Regular MAC address reviews are performed to maintain a secure environment.

Regular Security Assessments: We conduct security assessments and audits to identify vulnerabilities and address them proactively. Penetration testing is conducted by external experts to assess our defences.

Staff/Faculty Awareness and Training: We conduct regular employee awareness and training on cybersecurity best practices. Regular mock phishing campaigns are conducted to educate users about potential threats.

Incident Response Plan: We have an established incident response plan to mitigate and contain security incidents. The plan is reviewed and updated based on lessons learned from past incidents.

Antivirus and Antimalware Protection: We use Total 360 Security as antivirus and antimalware protection. The software is configured for regular scans and real-time monitoring.

Automated OS Updates: We automate weekly operating system updates to minimise vulnerabilities. Critical security updates are applied immediately.

VPN for Remote Staff: We provide a VPN for staff members working remotely to secure data transmission. VPN usage is monitored to detect any unusual activities.

Data Backup and Recovery: We regularly back up our website’s data to a secure offsite location. Backup integrity is verified periodically to ensure data can be restored if needed.

Secure Payment Processing: Where we handle online payments, we comply with PCI DSS requirements. Payment processing is outsourced to PCI DSS-compliant service providers to reduce risk.