Firewall Management: Firewalls must be configured with appropriate rule sets and are set to “deny by default” to ensure only authorized traffic is allowed. Firewall rules will be reviewed and updated regularly to ensure they align with current security requirements. Additionally, traffic from countries other than specified trusted countries will be denied.

Network Segmentation: The network will be segmented into different zones based on security requirements. Critical systems and sensitive data will be isolated from less secure areas of the network to minimize the risk of unauthorized access.

User Authentication: All users must authenticate using strong authentication methods before accessing the network. Multi-factor authentication (MFA) is required for accessing critical systems and sensitive data.

Access Permissions: Network access permissions will be granted based on the principle of least privilege. Users will only have access to the resources necessary for their job functions.

Data in Transit: All sensitive data transmitted over the network must be encrypted using industry-standard encryption protocols to protect against eavesdropping and interception.

Data at Rest: Sensitive data stored on networked devices must also be encrypted to protect against unauthorized access in the event of compromise.

Continuous Monitoring: The network will be continuously monitored for security threats, performance issues, and other anomalies. Automated tools and manual reviews will be used to detect and respond to potential incidents. Monitoring will be enhanced through services such as AWS CloudFront and Cloudflare to provide additional security insights and protections.

Patch Management: Network devices, including routers, switches, and firewalls, will be kept up to date with the latest security patches and firmware updates. Regular maintenance schedules will be established to ensure timely updates.

Vulnerability Management: Regular vulnerability assessments and penetration tests will be conducted to identify and address security weaknesses within the network infrastructure.

Incident Reporting: Any suspected or confirmed network security incidents must be reported immediately to the IT Security Team. Incident reports should include a description of the incident, affected systems, and any actions taken.

Response Procedures: The IT Security Team will follow established incident response procedures to contain, investigate, and resolve network security incidents. Lessons learned from incidents will be used to improve network security measures.

Vendor and Partner Access: Third-party vendors and partners who require access to Speak Ai's network must comply with this Network Security Policy. Access will be granted based on contractual agreements and will be limited to the minimum necessary.

Monitoring and Audits: Third-party network access will be monitored and audited to ensure compliance with Speak Ai's security policies and procedures.

Employee Training: All employees and contractors must undergo regular training on network security best practices and the importance of protecting network resources.

Awareness Programs: Ongoing awareness programs will be conducted to keep users informed about the latest network security threats and the measures they can take to protect the network.