Security Policy

 

1 Purpose

 

Any device that can access the corporate network must be considered part of that network and therefore subject to policies intended to protect the network from harm. Any computer or device that is proposed for network connection must be approved by the IT department.

 

Portable and home-based computers (hereby referred to as remote computers) offer staff the ability to be more productive while out of the office. They offer greater flexibility in where and when staff can work and access information, including information on the company’s corporate network. However, network-enabled remote computers also pose the risk of data theft and unauthorized access to our corporate network.

 

2 Policy Statement – Remote Computers

 

2.1 Protection

 

In order to qualify for access to our corporate network, the remote computer must meet the following conditions:

 

  • Network settings must be reviewed and approved by IT support personnel.
  • Anti-virus/anti-malware software must be installed. Software must have active (real time) protection enabled and be kept up-to-date. IT personnel will assist in making sure anti-virus software is initially installed and configured. The recommended anti-virus software is Symantec.

 

2.2 User’s Responsibilities

 

  • The user of the remote computer is responsible for physical and network security of the computer whether they are onsite, at home, or on the road.
  • Portable computers must never be left unattended in an unsecured environment. Instead, they should either be locked in a cabinet or drawer in the office or secured with physical security chains or cables to make their removal more difficult.
  • When not connected to the company Local Area Network, the user of the remote computer is responsible for ensuring their anti-virus scanning software is up-to-date at all times. It is strongly recommended that they manually update their anti-virus software before going on the road. Users should work with their local IT department for details on how to ensure their anti-virus software is updated.
  • The user of the remote computer shall access the company's network resources only via the LAN or LogMeIn connection (https://www.logmein.com/pro/security-information). Such access must require authentication.
  • No unauthorized software shall be loaded on company-owned computers without prior IT support approval.

 

2.3 Secure Audits

 

The IT department reserves the right to audit any device used for company business to ensure that it continues to conform to this Policy. The IT department will also deny network access to any device that has not been properly configured, scanned, and approved.

 

2.4 Sensitive Information on Laptops

 

Laptop computers are common targets for theft, and we must assume that some laptops will be stolen and their contents no longer in our control. Users with laptops who have access to sensitive or confidential information, whether it relates to the company, a client's business, or an employee’s personal information, must implement the appropriate security measures. Sensitive data should be saved on the network drive (not the hard drive) and should be restricted using appropriate access control. Additionally, when sensitive data is stored on the computer, users should employ strong encryption software to encrypt the sensitive and confidential information. The company standard encryption software is PGP and can be acquired from your IT department.

 

Where possible, sensitive information should not be stored or transported on a laptop computer. Users accessing sensitive data should use a virtual machine whenever possible, since the data is isolated to the data center with this method.

 

3 Policy Statement – Desktop and Server computers

 

3.1 Protection

 

  • Anti-virus/anti-malware software must be installed. Firewalls will be enabled on server computers.
  • Access to servers will be either physical, via RDP whilst connected to the LAN, or via a LogMeIn connection for offsite access.
  • Backups will be taken daily and kept offsite.

 

3.2 User's Responsibilities

 

  • The user of the computer will ensure that it is locked when left unattended.
  • No unauthorized software shall be loaded on the computers without prior IT support approval.

 

4 Password Selection

 

Because computer thieves are extremely sophisticated, it is important to select a password that is not easily guessed. You are not allowed to use your spouse’s name, parents’ names, phone numbers, or any variation of the following words: “password”, “test”, blank. Please refer to the Password Policy for more guidelines on password creation.

 

You should memorize your password. Writing it down (especially on or near your computer) will compromise security. Never send your password online.