Summary
This policy defines rules and principles for the use of all user endpoint devices, such as workstations, laptops, tablets, mobile phones and mobile storage units.
The policy is applicable to all internal and external personnel.
Principles
Remote working
- You are not allowed to leave any devices unattended in a car or hotel unless properly secured, e.g. using a cable lock
- Be aware of people peeking over your shoulder. If this cannot be avoided, use a privacy screen
- Avoid the use of public Wi-Fi hotspots. If you must, use a VPN client
Protection
For devices that are used to store or process information classified as Confidential or Sensitive:
- Full disk encryption (BitLocker, FileVault or VeraCrypt) must be enabled
- The device must be protected using a password, PIN code and/or biometrics
- Remote device wipe must be enabled
Repairs
- Use only authorized service centers
- Unlock codes or passwords may not be shared
- If possible, hand in the device without SSD or HDD
Anti-malware
- Client-side web filtering must be enabled and its warnings must not be ignored
- All connections must be firewalled (Windows Defender Firewall or macOS Firewall)
- For Windows devices, antivirus must be used (Microsoft Defender)
Software and operating system updates
- Install security updates and patches immediately upon notification
- Automatic updates must be enabled where possible
- The use/abuse of tools that are able to override security controls is prohibited
- For all software (components) and media files (image, audio and video clips) you download, you must check the copyright/license agreement to determine:
  - Are you allowed to use it?
  - Are you allowed to redistribute it?
- Always use trustworthy sources for downloads
- You are not allowed to use file sharing tools to share Confidential or Sensitive information
- When in doubt, contact the Security officer
Usage of own devices
You may use your own devices ("BYOD") for work-related tasks (e.g. accessing email) only if those devices comply with the terms in this policy.