logo logo
A A A

Cybersecurity

Port of Gdynia Authority S.A. pays particular attention to data security in IT systems and the ICT services it provides. Information is a resource of specific value, which is why it is crucial to secure it properly. The confidentiality, integrity, and availability of data, as well as the continuity of IT systems, form the foundation for the Company’s secure operations.

 

Policy Statement (RFC 2350)

The company has developed a Policy Statement in accordance with RFC 2350 to ensure transparency regarding its response to cybersecurity incidents:

Policy Statement - RFC 2350 (EN)

POBIERZ PLIK

Incident Reporting

Any malfunctions in information systems, electronic devices, or telecommunications equipment should be reported immediately at: incydent@port.gdynia.pl

The report should include:

  • the reporter’s contact information,
  • the date and time of the incident,
  • a description of the incident and its symptoms,
  • the systems or services affected by the incident,
  • technical details (IP addresses, logs, screenshots),
  • actions taken (if any).

What to do in case of an incident

  1. Identify the incident – monitor systems or devices for unusual behavior.
  2. Disconnect the device from the network – limit the spread of the threat.
  3. Do not attempt to fix it yourself – do not tamper with the system or delete data.
  4. Preserve information about the incident – screenshots, logs, and error messages.
  5. Report the incidentincydent@port.gdynia.pl
  6. Provide details of the incident – in accordance with the required scope of information.
  7. Cooperate with the IT team – follow the guidelines.

Basic cybersecurity principles

In any security system, the weakest link is the human factor. Therefore, every user of IT systems and the Internet should consciously and responsibly follow these guidelines:

 Updates and software

  • Regularly update operating systems, applications, and security software
  • Install only software from trusted sources
  • Remove or disable unused applications and services

 

Passwords and authentication

  • Use strong passwords (at least 8–12 characters, including uppercase and lowercase letters, numbers, and special characters)
  • Do not use the same passwords across different systems and services
  • Change passwords regularly, especially on work systems
  • Use two-factor authentication (2FA) where available
  • Do not save passwords in browsers or in unencrypted form

 

E-mail and communication

  • Exercise extreme caution when opening emails and text messages from unknown senders
  • Do not open suspicious attachments or click on unknown links
  • Verify the sender of the message, especially if they request personal information or ask you to take specific actions
  • Be on the lookout for phishing attempts (impersonating well-known institutions or colleagues)

 

Data and access security

  • Protect your login credentials – do not share them with third parties or send them via email
  • Do not use your work login credentials on other websites
  • Exercise extreme caution when using public Wi-Fi networks
  • Use a VPN connection whenever possible

 

Safe internet use

  • Pay attention to login pages – they should be encrypted (HTTPS), have a valid certificate, and not trigger browser warnings
  • Verify the website address (to avoid fake domains)
  • Do not enter sensitive information on suspicious websites

 

Device security

  • Use antivirus software and a firewall with up-to-date databases
  • Secure access to devices with a password, PIN, or biometrics
  • Lock the computer when the user is away
  • Secure access to BIOS/UEFI with a password
  • Encrypt drives, especially on portable devices (laptops, storage media)

 

Storage media and external devices

  • Do not connect unknown devices to your computer (e.g., found USB flash drives)
  • Use only approved storage media
  • Scan external storage devices before use

 

Information and privacy protection

  • Exercise caution when posting information and photos on social media
  • Do not disclose information about security systems, infrastructure, or procedures
  • Do not share confidential information in public places or in the presence of third parties

 

Data transmission

  • Never transmit unencrypted sensitive data (e.g., Social Security number, ID number) over public or unsecured networks
  • Use secure communication channels and data encryption
Tło
Port of Gdynia Authority S.A.

ul. Rotterdamska 9, 81-337 Gdynia

Regon: 191920577 NIP: 9581323524 KRS: 0000082699

info@port.gdynia.pl