Stormtech Associate Handbook California

o At least 8 characters (10 or more if allowed) o Mix of letters, numbers, and special characters o Avoid obvious replacements, words, and patterns like “P@ssword123!”, “St0rmtech2018”, “qwerty!@#”, “George321”, etc. They’re very easy to crack. • The same password should not be used for more than one account. • Passwords should be changed every 3-12 months, depending on how sensitive the data is. • Passwords should never be written down on paper, emailed, or stored in unencrypted files. • Associates should log off from their computers before leaving their desks. To help associates keep track of passwords in a secure way, KeePass is installed on all company devices. For more information, contact helpdesk@stormtech.ca or review the Password Security Training materials. Employees are reminded to exercise caution and discretion when sharing company confidential information, particularly in online sources and platforms such as ChatGPT or other digital tools. While these tools may offer convenience, it is essential to recognize that we may not have control over where the information is stored or who can access it. Guidelines for Handling Confidential Information Online: • Refrain from sharing company confidential information in online sources unless explicitly authorized to do so. • Use company-approved platforms and secure channels for sharing sensitive information. • Exercise caution when interacting with third-party tools or services, as they may not offer the necessary security measures to protect confidential data. • When in doubt, consult with the IT department or People & Culture before sharing any potentially sensitive information online. Reporting Concerns Employees are encouraged to report any concerns or potential breaches of confidentiality to their supervisor, People & Culture or the IT helpdesk for further investigation and resolution. Disciplinary Action Associates who do not follow Stormtech’s Technology Use Policy may face disciplinary action, up to and including termination for serious violations. Examples of serious violations include, but are not limited to: • Using Stormtech’s network or equipment to engage in illegal activity. • Sending offensive or inappropriate messages to colleagues, customers, or partners • Sharing sensitive information like customer lists with Stormtech competitors Protection of Company Confidential Information

25|Page