Personal Mobile Device Acceptable Use Policy Training Slideshow

Slides:

Advertisements

Similar presentations

Northside I.S.D. Acceptable Use Policy

Advertisements

Bring Your Own Device Learning in the 21 st Century.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

INTERNET and CODE OF CONDUCT

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

New Data Regulation Law 201 CMR TJX Video.

General Awareness Training

CPS Acceptable Use Policy Day 2 – Technology Session.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

HIPAA PRIVACY AND SECURITY AWARENESS.

How Safe Is Your Mobile Information? Issues and Safeguards for Mobile Devices Dan Morrissey, CHSP Catholic Health Initiatives Fourteenth National HIPAA.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

University Health Care Computer Systems Fellows, Residents, & Interns.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Children’s Hospital Requirements for Remote Access.

Information Systems Security

SMARTPHONE FORENSICS 101 General Overview of Smartphone Investigations.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Policies and Security for Internet Access

Information Security Everyday Best Practices Lock your workstation when you walk away – Hit Ctrl + Alt + Delete Store your passwords securely and don’t.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

BYOD: An IT Security Perspective. What is BYOD? Bring your own device - refers to the policy of permitting employees to bring personally owned mobile.

Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Effect of Corporate IT Policies on Otherwise Privileged Communication By: Jonathan T. Barton.

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

Somerset ISD Online Acceptable Use Policy. Somerset Independent School District Electronic Resources Acceptable Use Policy The purpose of this training.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

OFFICE 365 APP BUILDER PROFILE: Druva

Information Security Management Goes Global

Protecting PHI & PII 12/30/2017 6:45 AM

EAST AFRICAN DATA HANDLERS DATA SECURITY/MOBILITY

Mobile Operating Systems

Mysale Information Classification 101

Bring your own device (BYOD) policy—training materials

Providing Access to Your Data: Handling sensitive data

SmartHOTEL Planner Add-In for Outlook: Office 365 Integration Enhances Room Planning, Booking, and Guest Management for Small Hotels and B&Bs OFFICE 365.

Information Protection & Cyber Security

Lecture 14: Business Information Systems - ICT Security

IWRITER 365 Offers Seamless, Easy-to-Use Solution for Using, Designing, Managing, and Sharing All Your Company Templates in Microsoft Office 365 OFFICE.

Countryside Elementary

UGA Extension Credit Card Processing Training

Chapter 3: IRS and FTC Data Security Rules

Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.

It’s About Time – ScheduleMe Outlook Add-In for Office 365 Enables Users to Schedule Meetings Easily with People Outside of Your Organization Partner Logo.

Red Flags Rule An Introduction County College of Morris

Why ISO 27001? Subtitle or presenter

Spencer County Public Schools Responsible Use Policy for Technology and Related Devices Spencer County Public Schools has access to and use of the Internet.

Introduction to BYOD EIT, Author Gay Robertson, 2017.

Onslow County Schools Jacksonville Commons Elementary 1:1 Initiative

Enterprise Mobility Management

How to Mitigate the Consequences What are the Countermeasures?

Why ISO 27001? MARIANNE ENGELBRECHT

HIPAA Overview.

Student User Agreement and Policy 2022

BTEC level 3 Learning Aim D.

16. Account Monitoring and Control

Coming soon to Countryside Elementary

Personal Electronic Devices (PEDs) and Dress Code

Guidelines for building security policies. Building a successful set of security policies will ensure that your business stands the best possible chance.

Presentation transcript:

Personal Mobile Device Acceptable Use Policy Training Slideshow DriveStrike – The Smart Choice

Instructions for Using This Template Replace [company] with your company’s name, and other company-specific information in [square brackets]. Ensure that all policies are applicable to your company’s goals. Review [optional] items and delete if they do not apply. Replace the footer with your own. Delete this slide. DriveStrike – The Smart Choice

What are Personal Mobile Devices? Primarily smart phones, but also include: Ultra-mobile/netbook computers. Personal laptop computers. Portable gaming devices. Portable media devices. Tablet computers. e-Readers. Any personally-owned device storing corporate data and/or connecting to [company]’s network is bound by the acceptable use policy. DriveStrike – The Smart Choice

Purpose Permitting you to use your own devices to work is mutually beneficial, allowing you to be accessible and productive on a device you are already familiar with. However, personal devices introduce potential risks to the integrity of private information and business data that is made available when connected with [company]’s data and technology. The acceptable use policy is necessary to mitigate the risk. By connecting a personal device to [company]’s network, you agree to comply with the policy explained here, and grant [company] permission to erase the information on your device when necessary. This may include erasing personal data in some cases. DriveStrike – The Smart Choice

Case Study: John at the Beach Effect on [Company] Incident Action John is at the beach with his family when he receives a sensitive e- mail from a coworker on his personal iPhone. John quickly responds to the email and continues with his day at the beach. Later that day, John realizes he forgot his iPhone on the counter at a food stand at the beach. Realizing he has lost his phone, John immediately calls his manager and the IT contact responsible for managing mobile devices. IT is able to remote wipe the iPhone immediately, mitigating data leakage risk and the effect it may have on the company. John’s quick action ensured sensitive data was protected from access by an unintended party. The net effect in real dollar terms to the company is $0 outside of the cost to set up the initial infrastructure. John buys a new iPhone and loads a backup image of his previous device onto it, minimizing the time required to return to productivity. Quick action by employees that have lost devices is the most effective way to mitigate security threats from personal mobile devices. The faster [company] can remote wipe the device, the better. DriveStrike – The Smart Choice

Responsibilities You, as an employee of [company], are responsible for acting in accordance with company policies and procedures. Connections between mobile devices and the corporate network will be managed by [company]’s IT department. [Company]’s IT department will not directly manage the functionality or performance of devices except in their capacity to connect to the corporate network. Users are expected to adhere to the same security standards no matter where the device is used. DriveStrike – The Smart Choice

Policies: Access Mobile devices must be used appropriately, responsibly, and ethically. In most circumstances, these goals can be reached by following the policies laid out here. Mobile devices must be approved by IT before being connected to the corporate network. If necessary, devices must be modified or set up to meet [company]’s security standards. Virtual Private Network (VPN) software must be used when accessing the corporate network from outside the workplace. DriveStrike – The Smart Choice

Policies: Security Do Devices must be encrypted with a strong password. A PIN code is not sufficient. Use reasonable physical security measures. Do not leave your device unattended. Use anti-virus / anti-malware software. If a mobile device connects to a computer, have anti-virus on the computer. Store Crypto Keys In Separate Location Never store USB crypto keys with the device it unlocks. DriveStrike – The Smart Choice

Policies: Security Do Not Do not store unencrypted passwords. For example, by e-mailing a password or storing it in a text file. Do not try to bypass security measures from IT. Leave additional software in place. Do not leave company data on your device indefinitely. If you stop using the device or end your employment, erase company data. Do not use location-based services. Sharing your location with third-parties is not allowed. Do not use your device to capture media. Avoid pictures, video, or audio on company property. DriveStrike – The Smart Choice

Policies: Support [Company] will provide limited support for sanctioned devices. Supported: can’t access corporate e-mail, calendar, collaboration. Not supported: phone won’t turn on, screen is cracked, no service. IT may limit access. Your ability to transfer data to and from specific resources on the corporate network may be reduced at any time. DriveStrike – The Smart Choice

Policies: Organizational Protocol Your activity will be monitored while on the company network. For example, dates, times, and duration of access. [Company] [will / will not] reimburse the cost of devices. [Policy and maximum amount of hardware reimbursement]. [Company] [will / will not] reimburse the cost of services. [Policy and maximum monthly amount of data and voice usage reimbursement]. DriveStrike – The Smart Choice

Incidents Incidents involving devices that contain corporate data – such as a lost or stolen device, or suspicion of unauthorized access – must be immediately reported to your manager and the IT department. DriveStrike – The Smart Choice

Policy Enforcement Technology Remote Wipe By connecting to [company]’s network and taking the necessary security measure, you agree to grant IT the ability to erase all data on the device, if it is necessary to do so to preserve [company]’s security and integrity. Encryption Data on the device and data transferred to and from [company]’s network must be encrypted. Contact the IT department to ensure that the required level of data encryption is present. Third Party Software [Insert details if 3rd party software is used for mobile device management and enforcement.] DriveStrike – The Smart Choice

Consequences of Non-Compliance The [Responsible Title] will be advised of breaches in the policy and is responsible for remediation. Failing to comply with these policies and procedures may result in one or more of the following: Suspension of technology use at the company. Loss of connection privileges. Disciplinary action. Termination of employment. DriveStrike – The Smart Choice

Questions? A copy of the Personal Mobile Device Acceptable Use Policy, reviewed here, must be signed before connecting any personal devices to the corporate network. The Remote Wipe Waiver must also be signed before connecting personal devices. This policy is available for future reference at [location]. Questions or comments about the policy should be directed to [name, phone number, e-mail]. DriveStrike – The Smart Choice