IT Services & Policies - Personal Laptop Security Policy
This policy describes the controls necessary to minimize information security risks affecting the use of personal laptops at NextLabs.
All NextLabs computer systems face information security risks. Laptop computers are an essential business tool, but their very portability makes them particularly vulnerable to physical damage or theft. Furthermore, the fact that they are often used outside NextLabs’ premises increases the threats from people who do not work for the Company and may not have its interests at heart. Portable computers are especially vulnerable to physical damage or loss, and to theft, either for resale (opportunistic thieves) or for the information they contain (industrial spies).
Do not forget that the impacts of such breaches include not just the replacement value of the hardware but also the value of any Company data on them, or accessible through them. Information is a vital Company asset. We depend very heavily on our computer systems to provide complete and accurate business information when and where we need it. The impacts of unauthorised access to, or modification of, important and/or sensitive Company data can far outweigh the cost of the equipment itself.
This policy refers to certain other/general information security policies, but the specific information given here is directly relevant to laptops and, in case of conflict, takes precedence over other policies.
Virus protection of laptops
Controls against unauthorised access to laptop data
Other controls for laptops
Unauthorized software
Do not download, install or use unauthorised software programs. Unauthorized software could introduce serious security vulnerabilities into the NEXTLABS networks as well as affecting the working of your laptop. Software packages that permit the computer to be ‘remote controlled’ (e.g. PCanywhere) and ‘hacking tools’ (e.g. network sniffers and password crackers) are explicitly forbidden on NEXTLABS equipment unless they have been explicitly pre-authorised by management for legitimate business purposes.
Unlicensed software
Be careful about software licences. Most software, unless it is specifically identified as “freeware” or “public domain software”, may only be installed and/or used if the appropriate licence fee has been paid. Shareware or trial packages must be deleted or licensed by the end of the permitted free trial period. Some software is limited to free use by private individuals whereas commercial use requires a license payment. Individuals and companies are being prosecuted for infringing software copyright: do not risk bringing yourself and NEXTLABS into disrepute by breaking the law.
Backups
Unlike desktop PCs, which are backed up automatically by IT, you must take your own backups of data on your laptop. The simplest way to do this is to log on and upload data from the laptop to the network on a regular basis – ideally daily but weekly at least. If you are unable to access the network, it is your responsibility to take regular off-line backups to CD/DVD, USB memory sticks etc. Make sure that off-line backups are encrypted and physically secured. Remember, if the laptop is stolen, lost or damaged, or if it simply malfunctions, it may be impossible to retrieve any of the data from the laptop. Off-line backups will save you a lot of heartache and extra work.
Laws, regulations and policies
You must comply with relevant laws, regulations and policies applying to the use of computers and information. Software licensing has already been mentioned and privacy laws are another example. Various corporate security policies apply to laptops, the data they contain, and network access (including use of the Internet). Visit Information Security’s intranet website for further information.
Inappropriate materials
Be sensible! NEXTLABS will not tolerate inappropriate materials such as pornographic, racist, defamatory or harassing files, pictures, videos or email messages that might cause offence or embarrassment. Never store, use, copy or circulate such material on the laptop and steer clear of dubious websites. IT staff routinely monitor the network and systems for such materials and track use of the Internet: they will report serious/repeated offenders and any illegal materials directly to management, and disciplinary processes will be initiated. If you receive inappropriate material by email or other means, delete it immediately. If you accidentally browse to an offensive website, click ‘back’ or close the window straight away. If you routinely receive a lot of spam, call IT Help/Service Desk to check your spam settings.
Health and safety aspects of using laptops
Laptops normally have smaller keyboards, displays and pointing devices that are less comfortable to use than desktop systems, increasing the chance of repetitive strain injury. Balancing the laptop on your knees hardly helps the situation! Limit the amount of time you spend using your laptop. Wherever possible, place the laptop on a conventional desk or table and sit comfortably in an appropriate chair to use it. If you tend to use the laptop in an office most of the time, you are advised to use a ‘docking station’ with a full-sized keyboard, a normal mouse and a display permanently mounted at the correct height. Stop using the portable and consult Health and Safety for assistance if you experience symptoms such as wrist pain, eye strain or headaches that you think may be caused by the way you are using the portable.
Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.