Policy: Laptop Security: Difference between revisions
No edit summary |
|||
| Line 42: | Line 42: | ||
== Controls against unauthorized access to data == | == Controls against unauthorized access to data == | ||
- You must use approved encryption software on all organization-owned laptops. Choose a long, strong encryption password/phrase and keep it secure. You can contact to the IT responsible of the Organization for further information on laptop encryption. If your laptop is lost or stolen, encryption provides strong protection against unauthorized access to the data. | |||
- You are personally accountable for all network and systems access under your user ID, so keep your password safe. Do not share it with anyone including members of your family, friends or IT staff of the Organization. | |||
- Organization-owned laptops are provided for official use by authorized Associates. Do not loan your laptop or allow it to be used by others such as family members and friends. | |||
- Do not leave your laptop unattended and logged-on. Before walking away from the laptop, always shut down, log off or activate a password-protected screensaver. | |||
Revision as of 11:44, 22 July 2011
Overview
The aim of the policy is to describe the controls required and necessary to significantly reduce the risks of information security affecting laptops. Laptop computers are an essential business tool but their very portability makes them particularly vulnerable to physical damage or theft. Since they are often used outside the premises of Future Worlds Center increases the threats.
In addition, portable computers are especially vulnerable to physical damage or loss, and theft, either for resale or for the information they contain which is a vital asset of the Organization.
This policy refers to certain general information security policies, but the specific information given here is directly relevant to the organization-owned laptops.
Physical security controls
- The physical security of the organization-owned laptop is the personal responsibility of the Associate uses the computer, so please take all reasonable precautions.
- Keep the laptop in your possession and within sight whenever possible, especially in public places such as airports, railway stations or restaurants.
- If you have to leave the laptop temporarily unattended in the office, meeting room or hotel room, even for a short while, use a laptop security cable or similar device to attach it firmly to a desk or other heavy furniture in order to prevent easy escape of the thieve.
- Lock the laptop away out of sight when you are not using it (at home, in the office or in a hotel). Never leave a laptop visibly unattended in a vehicle, it is much safer to take it with you.
- Carry and store the laptop in a padded laptop bag or strong briefcase to reduce the chance of accidental damage. Don’t drop it or knock it about. An ordinary-looking briefcase is less likely to attract thieves than an obvious laptop bag.
- If the laptop is lost or stolen, notify the Police immediately and inform the Organization as well as submit the police report (within 48 hours)
Virus protection
- The anti-virus software MUST be updated at least monthly.
- Email attachments are now one of biggest sources of computer viruses. Therefore, avoid opening any email attachment unless you were expecting to receive it from that person.
- Always virus-scan the files downloaded to your laptop from any source (CD/DVD, USB hard disks, memory sticks, network files, email attachments, files from the Internet). Virus scans normally happen automatically but the IT responsible of the Organization can tell you how to initiate manual scans if you consider necessary.
- Report any security incidents (such as virus infections) promptly to the IT responsible of the Organization in order to minimize the damage
- Respond immediately to any virus warning message on your laptop, or if you suspect a virus (e.g. by experiencing unusual file activity) by contacting the IT responsible of the Organization. Do not forward any files or upload data onto the network if you suspect your laptop might be infected in order to avoid the spread of the virus.
- Be especially careful to virus-scan your system before you send any files outside the Organization including email attachments and CD-ROMs created by you.
Controls against unauthorized access to data
- You must use approved encryption software on all organization-owned laptops. Choose a long, strong encryption password/phrase and keep it secure. You can contact to the IT responsible of the Organization for further information on laptop encryption. If your laptop is lost or stolen, encryption provides strong protection against unauthorized access to the data.
- You are personally accountable for all network and systems access under your user ID, so keep your password safe. Do not share it with anyone including members of your family, friends or IT staff of the Organization.
- Organization-owned laptops are provided for official use by authorized Associates. Do not loan your laptop or allow it to be used by others such as family members and friends.
- Do not leave your laptop unattended and logged-on. Before walking away from the laptop, always shut down, log off or activate a password-protected screensaver.
