
IT Services & Policies - Personal Laptop Security Policy

This policy describes the controls necessary to minimize information security risks affecting the use of personal laptops at NextLabs. 

 

All NextLabs computer systems face information security risks.  Laptop computers are an essential business tool but their very portability makes them particularly vulnerable to physical damage or theft.  Furthermore, the fact that they are often used outside NextLabs’ premises increases the threats from people who do not work for the Company and may not have its interests at heart. 

Portable computers are especially vulnerable to physical damage, loss and theft, whether for resale (opportunistic thieves) or for the information they contain (industrial spies).

Do not forget that the impacts of such breaches include not just the replacement value of the hardware but also the value of any Company data on them, or accessible through them.  Information is a vital Company asset.  We depend very heavily on our computer systems to provide complete and accurate business information when and where we need it.  The impacts of unauthorised access to, or modification of, important and/or sensitive Company data can far outweigh the cost of the equipment itself.

This policy refers to certain other/general information security policies, but the specific information given here is directly relevant to laptops and, in case of conflict, takes precedence over other policies.

  

Virus protection of laptops

  • Viruses are a major threat to NEXTLABS and laptops are particularly vulnerable if their anti-virus software is not kept up-to-date. The anti-virus software MUST be updated at least monthly.  The easiest way of doing this is simply to log on to the NEXTLABS network for the automatic update process to run.  If you cannot log on for some reason, contact the IT Help/Service Desk for advice on obtaining and installing anti-virus updates.

  • Email attachments are now the number one source of computer viruses.  Avoid opening any email attachment unless you were expecting to receive it from that person. 

  • Always virus-scan any files downloaded to your computer from any source (CD/DVD, USB hard disks and memory sticks, network files, email attachments or files from the Internet).  Virus scans normally happen automatically but the IT Help/Service Desk can tell you how to initiate manual scans if you wish to be certain.

  • Report any security incidents (such as virus infections) promptly to the IT Help/Service Desk in order to minimise the damage.

  • Respond immediately to any virus warning message on your computer, or if you suspect a virus (e.g. by unusual file activity) by contacting the IT Help/Service Desk.  Do not forward any files or upload data onto the network if you suspect your PC might be infected.

  • Be especially careful to virus-scan your system before you send any files outside NEXTLABS.  This includes email attachments and CD-ROMs that you create.

Controls against unauthorised access to laptop data

  • You must use approved encryption software on all corporate laptops, choose a long, strong encryption password/phrase and keep it secure.  Contact the IT Help/Service Desk for further information on laptop encryption.  If your laptop is lost or stolen, encryption provides extremely strong protection against unauthorized access to the data.

  • You are personally accountable for all network and systems access under your user ID, so keep your password absolutely secret.  Never share it with anyone, not even members of your family, friends or IT staff.

  • Corporate laptops are provided for official use by authorized employees.  Do not loan your laptop or allow it to be used by others such as family and friends. 

  • Avoid leaving your laptop unattended and logged-on.  Always shut down, log off or activate a password-protected screensaver before walking away from the machine.

Other controls for laptops

Unauthorized software

Do not download, install or use unauthorised software programs.  Unauthorized software could introduce serious security vulnerabilities into the NEXTLABS networks as well as affecting the working of your laptop.  Software packages that permit the computer to be ‘remote controlled’ (e.g. PCanywhere) and ‘hacking tools’ (e.g. network sniffers and password crackers) are explicitly forbidden on NEXTLABS equipment unless they have been explicitly pre-authorised by management for legitimate business purposes.

Unlicensed software

Be careful about software licences.  Most software, unless it is specifically identified as “freeware” or “public domain software”, may only be installed and/or used if the appropriate licence fee has been paid.  Shareware or trial packages must be deleted or licensed by the end of the permitted free trial period.  Some software is limited to free use by private individuals whereas commercial use requires a license payment.  Individuals and companies are being prosecuted for infringing software copyright: do not risk bringing yourself and NEXTLABS into disrepute by breaking the law.

Backups

Unlike desktop PCs, which are backed up automatically by IT, you must take your own backups of data on your laptop.  The simplest way to do this is to log on and upload data from the laptop to the network on a regular basis – ideally daily but weekly at least.  If you are unable to access the network, it is your responsibility to take regular off-line backups to CD/DVD, USB memory sticks etc.  Make sure that off-line backups are encrypted and physically secured.  Remember, if the laptop is stolen, lost or damaged, or if it simply malfunctions, it may be impossible to retrieve any of the data from the laptop.  Off-line backups will save you a lot of heartache and extra work.

Laws, regulations and policies

You must comply with relevant laws, regulations and policies applying to the use of computers and information.  Software licensing has already been mentioned and privacy laws are another example.  Various corporate security policies apply to laptops, the data they contain, and network access (including use of the Internet).  Visit Information Security’s intranet website for further information.

Inappropriate materials

Be sensible!  NEXTLABS will not tolerate inappropriate materials such as pornographic, racist, defamatory or harassing files, pictures, videos or email messages that might cause offence or embarrassment.  Never store, use, copy or circulate such material on the laptop and steer clear of dubious websites.  IT staff routinely monitor the network and systems for such materials and track use of the Internet: they will report serious/repeated offenders and any illegal materials directly to management, and disciplinary processes will be initiated.  If you receive inappropriate material by email or other means, delete it immediately.  If you accidentally browse to an offensive website, click ‘back’ or close the window straight away.  If you routinely receive a lot of spam, call IT Help/Service Desk to check your spam settings.

Health and safety aspects of using laptops

Laptops normally have smaller keyboards, displays and pointing devices that are less comfortable to use than desktop systems, increasing the chance of repetitive strain injury.  Balancing the laptop on your knees hardly helps the situation!  Limit the amount of time you spend using your laptop.  Wherever possible, place the laptop on a conventional desk or table and sit comfortably in an appropriate chair to use it.  If you tend to use the laptop in an office most of the time, you are advised to use a ‘docking station’ with a full-sized keyboard, a normal mouse and a display permanently mounted at the correct height.  Stop using the portable and consult Health and Safety for assistance if you experience symptoms such as wrist pain, eye strain or headaches that you think may be caused by the way you are using the portable.

 

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.