I have been asked to type up a 'Janet & John' handbook on PC security, including- not attaching phones, logging off, shutting down and updates, password control etc. we want a guide that can be rolled out to existing staff but more importantly can be given to all new starters.
can you guys take a look over my draft and suggest anything to add or any changes.
all suggestions welcome!
PC & Network Security at Sky Insurance
This document outlines briefly how we should interact with the work network via your devices. Remember it is the responsibility of the individual using the device to make sure it is not compromising security as well as being in a good working order. If your device is not working correctly then please report this straight away.
All PC's within the building handle confidential information, it is our responsibility to keep that information secure. Please follow the bullet points below to make sure that your PC is functioning correctly.
- Turn it off every night.
Although this might sound obvious you will need to make sure that your PC is fully shutdown each night after use. This is to make sure that the PC has a chance to cool down and allows any security updates / patches to be implemented to the PC.
- Connecting devices.
Be very careful when plugging any device into your computer, any device could potentially be carrying a virus, this could directly attack our network and could cause huge problems. Think carefully if your device needs attaching before you do. For example, if you are able to charge your phone using a power socket then please use this instead off a USB port on the computer. If you do plug your phone/tablet in then make sure when the dialog box appears on the PC you click 'DO NOT TRUST'
- locking & logging on/off
Please make sure that you log your PC off if you are intending to leave your desk, at the least make sure you put the PC into a 'locked' state. Do not just turn the monitors power off. A shortcut to lock your PC is to press the 'Windows Key' at the same time as the 'L' button. It is your responsibility to make sure your account is not accessible by others.
All members off staff will have a password assigned to them, this password should not be changed as this can cause issues for management and IT if access to the account is needed. Do not disclose your password to anyone else, this is for your account only. Also make sure that you don't disclose any information regarding passwords and usernames to visitors or anyone outside of the organisation.
- Virus's & Malicious Software
Do not download or try to install any software on your PC's without consulting someone first. If your PC is underperforming or is experiencing from anything below then immediately escalate the issue;
- Pop Ups
- Webpage Change
- Icons changed
- Software opening up or asking to update which you haven't seen before
- slowness and crashing after installing an application
- Attachments on E-Mails that do not seem legit - DO NOT OPEN THE ATTACHMENT
- E-Mail, Faxing & Scanning
The easiest way to get information into the building/network and out by accident is through E-mail, faxing or scanning. Please be very carefully when doing these that you fully understand how to carry out the task. If you are using a scanner which also has a fax function then make sure you do not send any confidential information out of the building. In most cases it is not possible to retrieve data once it has left the building. If in doubt speak to a manager.
- Work Network
This is a work network, which means it is setup and operates in such a way that it is compliant in the areas it needs to be. The setup and security of the network does not operate in the same way that your home broadband would. With this in mind, do not use your PC's or the internet for anything other than what is meant to be used for, an example of miss-using this would be to download a music over the internet connection.