AdvertiseMe.TV is a SaaS-based digital signage solution that provides secure and reliable content management services for businesses. This Cybersecurity Policy outlines the security measures and best practices implemented to protect data, systems, and users from cyber threats. This Cybersecurity Policy applies to the Site and all products and services offered by Advertise Me Pty Ltd.
Scope
This policy applies to all employees, contractors, and third-party vendors who access AdvertiseMe.TV systems, networks, and data. It covers all aspects of cybersecurity, including data protection, access controls, incident response, and compliance with Australian regulations.
Data Protection
- Data Encryption: All customer data is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256 encryption).
- Data Backup: Regular automated backups are performed, stored securely, and tested for integrity.
- Data Retention: Customer data is retained only for as long as necessary and is securely deleted when no longer required.
- Privacy Compliance: AdvertiseMe.TV complies with the Australian Privacy Act 1988 and the Notifiable Data Breaches (NDB) scheme.
Access Control
- Role-Based Access Control (RBAC): Users are granted the least privilege necessary to perform their tasks.
- Session Management: User sessions automatically expire after a defined period of inactivity.
- Account Monitoring: Regular audits are conducted to review and revoke unnecessary access.
Network Security
- Firewalls & Intrusion Detection: Firewalls and intrusion detection systems (IDS) are used to prevent unauthorised access.
- Secure API Access: API endpoints require authentication and authorisation to prevent misuse.
- DDoS Protection: Measures such as rate limiting and IP filtering are implemented to mitigate distributed denial-of-service (DDoS) attacks.
Incident Response Plan
- Incident Reporting: All security incidents must be reported immediately to the cybersecurity team.
- Investigation & Containment: Affected systems are isolated, and root causes are analysed.
- Communication & Notification: Affected customers and regulatory bodies are notified in compliance with the NDB scheme.
- Post-Incident Review: Lessons learned are documented and security measures are improved accordingly.
Software & Infrastructure Security
- Regular Updates & Patching: All software, including third-party dependencies, is updated regularly.
- Secure Coding Practices: Developers follow current standard security principles.
- Penetration Testing: Periodic security assessments and penetration testing are conducted.
Employee Security Awareness
- Cybersecurity Training: Regular training sessions are conducted to educate employees about security best practices.
- Phishing Awareness: Employees are trained to identify and report phishing attempts.
- Acceptable Use Policy: Employees must adhere to strict guidelines for using company systems and handling data.
Compliance & Legal Considerations
AdvertiseMe.TV complies with relevant Australian cybersecurity regulations, including:
- Privacy Act 1988 and the Australian Consumer Data Right (CDR) framework
- General Data Protection Regulation (GDPR) for international customers
Review & Continuous Improvement
- This policy is reviewed and updated annually or as needed in response to emerging threats and regulatory changes.
- Security audits and risk assessments are conducted periodically to ensure compliance and effectiveness.
Contact Information
For any security concerns, please contact security@advertiseme.tv.