top of page

Cybersecurity Policy

Why this exists

Restore the Legacy relies on digital systems and communication tools to manage projects, collaborate with partners, and maintain organisational records.

 

Protecting digital systems and information is essential to safeguard organisational data, partner relationships, and the integrity of the organisation’s work.

 

This policy establishes basic principles for responsible and secure use of digital systems.

 

 

Guiding principle

Restore the Legacy seeks to protect its digital infrastructure and organisational information from unauthorised access, loss, or misuse.

 

Everyone working with the organisation shares responsibility for maintaining secure digital practices.
 

 

Secure access 

Individuals using Restore the Legacy systems are expected to:

  • Use strong and unique passwords

  • Protect login credentials and avoid sharing passwords

  • Enable multi-factor authentication where available

  • Log out of shared or public devices after use
     

Access to systems and organisational accounts should be limited to individuals who require it for their work.

 

Device security 

Devices used to access organisational systems should be reasonably protected.

 

This may include:

  • Keeping operating systems and software up to date

  • Using device passwords or screen locks

  • Avoiding the use of unsecured public devices for sensitive work
     

 

Phishing and suspicious activity 

Cybersecurity risks often arise through phishing emails or suspicious messages.

 

Individuals should exercise caution when receiving unexpected links, attachments, or requests for login credentials.

Suspicious activity should be reported internally so appropriate steps can be taken.
 

 

Data protection 

Sensitive organisational data should be handled carefully and stored in appropriate systems.

 

Where possible, information should be stored in secure organisational platforms rather than personal devices or unprotected storage systems.

 

Handling of personal data and organisational information should also follow Restore the Legacy’s AI Use & Data Protection Policy and other relevant governance policies.
 

 

Incident response 

If a cybersecurity incident is suspected, such as:

  • Unauthorised access to accounts

  • Loss of devices containing organisational data

  • Suspected data breaches
     

the situation should be reported to organisational leadership as soon as possible so appropriate action can be taken.

 

 

Commitment 

Restore the Legacy recognises that responsible digital practices are essential to maintaining trust with partners, donors, and communities.

 

By promoting basic cybersecurity awareness and responsible use of digital systems, the organisation helps protect its work and the information entrusted to it.

Rainforest from top.jpg
Restore the Legacy works to restore and protect tropical rainforest ecosystems together with local communities and partners.

Learn more about our work

bottom of page