First Contact

First Contact Cybersecurity and Data Breach Response Policy

Effective Date: 26th February 2025
Website: www.firstcontact.co

1. Introduction

First Contact Pty Ltd, referred to as First Contact, Company, We, Us, or Our, is committed to protecting user data, preventing cyber threats, and ensuring a swift response in the event of a security breach.

This policy outlines our cybersecurity measures, data protection practices, and incident response protocols to safeguard our digital infrastructure, customer information, and business operations.

If you suspect a security issue or breach, contact security@firstcontact.group immediately.

2. Cybersecurity Measures

We implement a multi-layered security approach to protect First Contact’s website, digital services, and customer data.

2.1 Data Encryption & Security

All personal and payment data is encrypted using industry-standard encryption protocols (AES-256).
SSL/TLS is used for secure data transmission across our website.
User passwords are hashed and stored securely, with no plain-text storage.

2.2 Access Controls & Authentication

Multi-Factor Authentication (MFA) is required for admin and privileged accounts.
Role-Based Access Control (RBAC) ensures employees access only the data necessary for their roles.
Regular review and revocation of access permissions for departing staff.

2.3 Malware & Threat Protection

Web applications are protected by firewalls, intrusion detection systems (IDS), and anti-malware software.
Regular security patches and software updates are applied to prevent vulnerabilities.
AI-based monitoring systems detect and mitigate potential cyber threats.

2.4 Employee Security Training

Mandatory cybersecurity awareness training for all employees.
Simulated phishing attack exercises to educate staff on social engineering threats.
Secure remote work policies to protect access to business systems.

2.5 Third-Party Risk Management

Security vetting of third-party service providers that handle customer data.
Contracts with data protection agreements to ensure compliance.
Regular security audits and vulnerability testing of third-party integrations.

3. Data Breach Response Plan

Despite robust security measures, cyber incidents may occur. This section details our incident response process to handle breaches effectively.

3.1 What is Considered a Data Breach?

A data breach is any unauthorized:

Access, disclosure, modification, or destruction of personal, financial, or business data.
Compromise of user accounts or website functionality.
Cyberattack affecting website operations, databases, or third-party integrations.

3.2 Breach Detection & Investigation

Security teams conduct real-time monitoring to detect suspicious activity.
A forensic investigation is launched immediately upon breach detection.
The root cause and scope of the breach are determined within 24 hours.

3.3 Containment & Mitigation

Immediate lockdown of compromised systems to prevent further impact.
Revocation of unauthorized access and forced password resets.
Security patches and emergency updates applied within 48 hours.
Coordination with third-party service providers to contain external risks.

3.4 Notification & Regulatory Compliance

If a breach exposes personal data, First Contact will:

Notify affected users within 72 hours via email.
Provide details on what data was compromised and recommended security actions.
Notify the Australian Information Commissioner and other relevant regulators in compliance with Australian Privacy Act (1988) and GDPR.

3.5 User Guidance After a Breach

If your account or data is affected by a breach, we recommend:

Changing passwords immediately and enabling Multi-Factor Authentication (MFA).
Monitoring your accounts for suspicious activity.
Reporting any unauthorized transactions or emails impersonating First Contact.

4. Cyber Incident Escalation Process

Incident Severity	Description	Response Time	Resolution Goal
Critical	Large-scale data exposure, ransomware, or system-wide failure	15 minutes	24 hours
High	User account breaches or unauthorized access detected	1 hour	6 hours
Medium	Website slowdowns or minor service disruptions	4 hours	1 business day
Low	General security concerns, phishing attempts, or spam reports	1 business day	3 business days

For urgent security matters, email security@firstcontact.group with "Security Incident – Urgent" in the subject line.

5. Compliance with Cybersecurity Standards

First Contact follows industry best practices and regulatory guidelines for cybersecurity and data protection, including:

Australian Cyber Security Centre (ACSC) Essential Eight Framework
General Data Protection Regulation (GDPR – EU)
California Consumer Privacy Act (CCPA – US)
ISO 27001: Information Security Management Systems (ISMS) Guidelines

We undergo annual security audits and penetration testing to maintain compliance.

6. Security Responsibilities of Users

While we maintain strict security standards, users must also take steps to protect their accounts and data.

6.1 User Responsibilities

Users agree to:

Keep login credentials confidential and not share accounts.
Use strong, unique passwords for their accounts.
Report any suspicious activity immediately to First Contact.

6.2 Prohibited Activities

Users must not:

Attempt to hack, modify, or disrupt First Contact’s systems.
Use automated tools to scrape data or overload website servers.
Engage in fraudulent transactions or payment bypass techniques.

Violating these terms may result in account suspension, legal action, or reporting to law enforcement.

7. Updates to This Policy

We continuously monitor evolving cyber threats and may update this policy accordingly. Any significant changes will be communicated to users.

Last Updated: 26th February 2025

8. Contact Information

For cybersecurity concerns, breach reports, or security-related inquiries, contact:

Email: security@firstcontact.group
Registered Office: Level 8, 488 Bourke Street, Melbourne, Victoria 3000, Australia