Reporting suspicious cyber activity at BlueDot Impact

This was extracted from our internal documentation and published as part of our June 2023 internal cybersecurity course.

💡 If you see any suspicious activity, email details to [security contact].

Examples of suspicious activity:

• Suspected phishing emails, texts, calls, LinkedIn messages, or similar
• Security notifications you don’t recognise (e.g. ‘you’ve logged in from [foreign country]’)
• Your device is behaving strangely, or you otherwise suspect it may be infected
• Information being shared with the wrong people
• You’ve found a security bug, even if you don’t think anyone exploited it, or you’ve fixed it
• Anything else that you think could be an indicator of a security-relevant event. If you’re not sure, report it!

Why we care

Cybersecurity is everyone’s responsibility at BlueDot Impact. Maintaining good security practices is important to us, because only if we are secure can we:

• convince people to share data that allows us to deliver services (e.g. coaching calls)
• convince people to share data that allows us to improve (e.g. session feedback)
• keep our stakeholders safe (e.g. avoid abuse, career damage)
• maintain our public reputation (which affects whether applicants and funders choose us)
• avoid costly penalties from civil lawsuits or regulators