Cyber Security Policy

This policy outlines how The Campus Label LTD protects confidential information, personal data and operational systems. It applies to everyone working with or for the label, including on personal devices that touch label accounts or data.

Confidential data

Confidential data is secret and valuable. Common examples are:

• Unpublished financial information.
• Personal information of team members, artists, partners or vendors.
• Unreleased music, masters, artwork and other creative work.
• Existing and prospective contact lists.

Everyone working with the label is obliged to protect this data.

Protect personal and company devices

When team members use digital devices to access label email or accounts, they introduce risk to label data. Keep both personal and label-issued devices secure:

• Keep all devices password-protected.
• Run a reputable, up-to-date antivirus / anti-malware product.
• Do not leave devices exposed or unattended.
• Install browser and operating-system security updates promptly.
• Log into label accounts only over secure, trusted networks.

Do not access internal systems and accounts from other people’s devices, or lend your own devices to others. New joiners receive instructions for disk encryption, password management and anti-malware setup at induction. Refer questions to the label’s IT lead.

Keep email safe

Email is the most common route for scams and malicious software. To avoid virus infection or data theft:

• Avoid opening attachments and clicking links when the content is not adequately explained.
• Be suspicious of clickbait subject lines (offering prizes, advice, urgency).
• Check email and sender names to confirm they are legitimate.
• Look for inconsistencies: grammar mistakes, unexpected capitalisation, excessive exclamation marks.

If you’re not sure that an email is safe, refer it to the label’s IT lead before clicking anything in it.

Manage passwords properly

• Choose passwords with at least twelve characters, mixing case, numbers and symbols; avoid information that can be easily guessed (birthdays, pet names).
• Use a password manager. If you must write a password down, keep the document confidential and destroy it when no longer needed.
• Exchange credentials only when absolutely necessary. Prefer in-person or phone (to a person you recognise) over email or chat.
• Enable two-factor authentication on any service that supports it.
• Change passwords on a regular schedule and immediately if compromise is suspected.

Transfer data securely

• Avoid transferring sensitive data (artist personal information, contracts, masters) to other devices or accounts unless absolutely necessary.
• Share confidential data over the label’s systems, not public Wi-Fi.
• Confirm that recipients are properly authorised and have adequate security practices.

Report scams, breaches and hacking attempts

Report perceived attacks, suspicious emails or phishing attempts to the label’s IT lead as soon as possible. The IT lead investigates promptly, resolves the issue, and sends a label-wide alert if necessary. We encourage everyone to reach out with questions about whether something looks legitimate.

Additional measures

• Lock your screen when leaving your desk.
• Report stolen or damaged equipment as soon as possible.
• Change all account passwords at once if a device is stolen or lost.
• Report any perceived threat or possible security weakness in label systems.
• Do not download suspicious, unauthorised or illegal software on label equipment.
• Avoid accessing suspicious websites.

Remote and on-the-road work

Team members working remotely, from venues, or on shoots follow this policy’s instructions in full. When accessing label accounts and systems from a distance, follow all data-encryption and protection standards, and ensure the network you’re on is secure.