...

  • Devices must be locked with a password (or equivalent control such as biometric) protected screensaver or screen lock after 10 20 minutes or less of non-use.

  • Devices must be locked whenever left unattended.

  • Device storage must be encrypted.

  • Antivirus software must be installed and operational on the device.

  • Users must report any suspected misuse or theft of a mobile device immediately to the Security team (security@cloudcard.us).

  • Confidential information must not be stored on mobile devices or USB drives (this does not apply to business contact information, e.g., names, phone numbers, and email addresses).

  • Any mobile device used to access company resources (such as file shares and email) must not be shared with any other person.

  • Upon termination, users agree to return all company-owned devices and delete all company information and accounts from any personal devices.

...

Users shall not leave confidential materials unsecured on their desks or workspace and will ensure that screens are locked when not in use.

Remote Access Policy

CloudCard is a remote company. All business applications, administration interfaces, and other interactions are conducted over HTTPS or an equivalent encrypted communications channel. Laptops and other computer resources that are used to access CloudCard network resources must conform to the security requirements outlined in CloudCard’s Information Security Policies and adhere to the following standards:

  • To ensure that a compromised mobile device is not connected to the company network, antivirus policies require the use and enforcement of client-side antivirus software.

  • Antivirus software must be configured to detect and prevent or quarantine malicious software, perform periodic system scans, and have automatic updates enabled.

  • Users must not connect to any outside network without a secure, up-to-date software firewall configured on the mobile computer.

  • Users are prohibited from changing or disabling any organizational security controls such as personal firewalls and antivirus software on systems used to access CloudCard resources.

  • Use of remote access software and/or services is allowable as long as Transport Layer Security (TLS or SSL) is used to encrypt the communication of the tool. This includes, but is not limited to, RDP, SSH, database connections, and web applications. For websites, ensure the URL contains https and that the lock icon in the browser bar is green.

  • Unauthorized remote access technologies may not be used or installed on any CloudCard system.

  • Users should avoid use of public Wi-Fi (e.g., coffee shop, hotel) for any CloudCard business, and should instead use a personal or CloudCard-owned mobile hotspot. In situations where public Wi-Fi use is necessary, the same remote access precautions should be followed.

  • Users must not access CloudCard resources from a public computer (e.g., from a business center, hotel, etc.). Contact security or your supervisor if you are unable to reach your CloudCard-issued laptop and have a business need to do so.

...

| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | 2017-11-02 | Initial Version | Tony Erskine | |
| 1.1 | 2018-08-22 | Review / Minor Updates | Tony Erskine | |
| 1.2 | 2018-10-19 | Review / Minor Updates | Tony Erskine | |
| 1.3 | 2019-12-05 | Security Awareness Training Requirement | Luke Rettstatt | |
| 1.4 | 2020-03-17 | AWS Security References; Multi Factor Authentication | Luke Rettstatt | |
| 2.0 | 2020-04-07 | Access Control Policy; Data Management Policy; Roles and Responsibilities; Background Check Requirement | Luke Rettstatt | |
| 2.1 | 2020-04-20 | Encryption Standards; Secure Deletion Standards | Tony Erskine | |
| 2.2 | 2020-11-24 | Patching Standards | Tony Erskine | |
| 2.3 | 2020-12-01 | Review / Minor Updates | Luke Rettstatt | |
| 2.4 | 2021-03-11 | Annual Review | Tony Erskine | |
| 2.5 | 2022-03-20 | Annual Review | Tony Erskine | |
| 2.6 | 2022-07-06 | Update Job Titles | Tony Erskine | |
| 3.0 | 2023-03-15 | Converted to SOC Compliant Template | Ryan Heathcote | Luke Rettstatt |
| 3.1 | 2024-07-16 | Spelling and grammar improvements | Luke Rettstatt | Ryan Heathcote |
| 3.2 | 2024-08-17 | Clarified Remote Work Security Strategy | Ryan Heathcote | Luke Rettstatt |