EXUS IT Security Procedures: Mobile Devices

TopsBagpipes

24 Questions

What is a requirement for corporate laptops?

They must be encrypted.

What is a requirement for corporate smartphones?

They must have EXUS approved apps only.

How often should passwords be changed?

Every 180 days

What should users do if they suspect their password has been compromised?

Change their password immediately

What is a requirement for access to IT systems?

Based on job position

What should be done when a user's access needs to be revoked or changed?

Inform the IT Admin team

What is a requirement for access to third-parties?

A contractual agreement

What is a recommended security practice for mobile devices?

Enable the Find My Device feature

What should be reviewed periodically for all users?

Users' access rights

What should be used to encrypt files with confidential data before sending them?

7zip

Who should be contacted when a user wants to install an application not included in the baseline configuration?

IT Admin team

What is the primary purpose of ESET Endpoint Protection?

To protect endpoints against malware

What is the recommended storage location for corporate files?

Respective SharePoint document library

What is the primary purpose of KeePass?

To manage system and application passwords

What should be done when a user wants to uninstall or disable ESET Endpoint Protection?

Contact the IT Admin team

What is the maximum storage capacity of a OneDrive account for personal files?

10GB

What is the primary purpose of a firewall in a network?

To control the flow of incoming and outgoing network traffic

What is the recommended method for sharing small data files (< 25MB) externally?

Using email with 7zip encryption

What is the recommended approach to handle email attachments?

Open only email attachments from known sources

What is the purpose of encrypting confidential data prior to sending it via email?

To protect the data from unauthorized access

What is the recommended approach to sharing confidential data via the same channel of communication?

Share the minimum amount possible of confidential data

What is the purpose of the IT Admin team authorizing devices that access the EXUS network?

To restrict access to unauthorized devices

What is the recommended method for sharing big data files (> 25MB) externally?

Using SFTP

What is the recommended approach to handling emails asking for personal information?

Verify the authenticity of the email before responding

Study Notes

Mobile Devices

  • Corporate laptops are encrypted and pre-configured, with no changes allowed without prior IT approval.
  • Corporate smartphones are password or PIN protected, pre-configured with an EXUS Mobiles account, and have EXUS approved apps only.
  • Personal smartphones should be password or PIN protected and have access to EXUS approved apps.
  • Immediately report loss or theft of mobile devices to the IT Admin team.

Passwords

  • Use a mixture of lower and uppercase letters, numbers, and symbols in passwords.
  • Passwords must be at least 12 characters long and not contain usernames.
  • Change passwords every 180 days and store up to 6 passwords in history.
  • Use strong authentication (MFA/2-Way) whenever possible.
  • Never use the same password for different accounts.

Access Management

  • Users access only what they need to access, based on job position.
  • Team Leads/Managers inform the IT Admin team of access changes or revocations.
  • Access to third-parties is provided only based on contractual agreements.
  • Access management is monitored through the EXUS Internal Helpdesk.

Encryption and Keys Management

  • Corporate laptops are encrypted with BitLocker.
  • Users must not disable encryption without prior contact with the IT Admin team.
  • Passwords of systems and applications are managed with KeePass.
  • Encrypt files with confidential data using 7zip prior to sending.

Endpoint Protection

  • Corporate and private workstations and specific smartphones run ESET Endpoint Protection.
  • ESET Endpoint Protection protects endpoints against malware, blocks malicious sites, and scans corporate email.

Systems Configuration and Changes Management

  • Corporate workstations are delivered with a baseline configuration that must not be altered.
  • Contact the IT Admin team for installing applications not included in the baseline configuration.
  • Changes on IT systems are registered and monitored through Jira.

Data Backup

  • Use the SharePoint document library to store corporate files.
  • Use OneDrive for backing up local personal files (max storage capacity is 10GB).
  • Backup of IT infrastructure is based on a schedule.

Networks

  • The firewall controls the flow of incoming and outgoing network traffic.
  • Use a VPN connection (with 2FA) to access the EXUS network remotely.
  • EXUS network is segmented into VLANs (VPN and Infrastructure).
  • IT Admin team authorizes devices that access the EXUS network.

Files Secure Transfer

  • Use email to share small data files (< 25MB), encrypting confidential data before sending.
  • Use SFTP to share big data files (> 25MB).
  • Use SharePoint or OneDrive to share files with sensitive or confidential information.

Email Security

  • Never include confidential data in email bodies.
  • Always encrypt confidential data prior to sending via email (using 7zip).
  • Set built-in email permissions to “Do Not Forward” or “Encrypt-Only” to encrypt whole email messages.
  • Beware of emails asking for personal information and handle email with care.

This quiz covers the security procedures for mobile devices in the EXUS IT environment, including laptops and smartphones. It outlines the configuration and usage guidelines for corporate devices.
