IT security is the key area of our company, please pay special attention to that. We have some policies and rules (e.g. passwords for Exchange & VPN account must be minimum 8 characters length and has to be changed every 180 days) and we know that it could bother you. But the only reason for having it is decreasing probability and impact of a security incident.
You must always inform responsible people in a case of
- IT security incident (e.g. virus, suspicious e-mail, person in the server room, etc.)
Following people are defined to be informed for such events:
- Prague : Ben Rothbauer
- Zlín: Petr Franta
- Bratislava: Štefan Majerníček
- Bucuresti: Daniela Iancu
The rules for using software at CN Group are defined as follows:
- It is mandatory to create strong passwords for all company systems.
- It is prohibited to save passwords to any company system at local drives in a decrypted form.
- It is prohibited to write passwords to any company system on boards, sheets of papers, desks, tables, etc.
- Usage of hacking and cracking tools is strictly prohibited; in a case of need such a tool because of education or testing purpose, approval by project and line manager must be provided.
- All workstations must be protected against unauthorized use. The easiest way is a password-protected screen-saver.
Please note that purchase and management software licenses usage is the responsibility of the IT department. You are allowed to use only the software that has been assigned to you. You are allowed to install free software for company business purposes, but read carefully EULA (End User Licence Agreement) before installation.
Regular check of installed software on your workstations is being performed. In a case of violating the licensing rules and not removing potential issues within one week, you will be brought to account with your line manager.
The rules for using hardware at CN Group are defined as follows:
- Never manipulate any hardware except your laptop or monitor.
- All laptops must be secured against theft by a physical laptop-lock, unless located in locked rooms.
Please note that all computer devices, printers, copiers, projectors, phones, printing paper and other equipment and material owned and/or funded by CN Group must be used for business purposes only. In a case you wish to use them for private purposes, you must beforehand obtain permission from your line manager.
Also please note that all PCs must be encrypted and it is strongly prohibited to turn-off encryption. For more detailed instructions how to encrypt your device, follow Intranet, section IT.
Company owns a set of mobile devices for development and testing purposes. Any manipulation with operating systems of these devices is prohibited. In a case you want to use any of those devices in your projects, ask following people:
- Prague: Jan Černý
- Zlín: Martin Balcárek
- Bratislava: Milan Piskla
It is allowed to use your own mobile devices using public company WiFi spots.
Access to company e-mails using your personal phones is allowed under a conditions that it is protected by fingerprint or at least with PIN or gesture.
Contact above mentioned responsible people if:
- your personal mobile with such access had been stolen or lost
- company mobile device assigned to you had been stolen or lost
- antivirus system in a company mobile device is turned off
What are the conditions to have access to company e-mail system using personal mobile device?
- access through not-easy-to-guess PIN or fingerprint or gesture
- WiFi disabled
- having a cover
Can a CN employee install free software for business purposes?
- Yes, but EULA has to be considered.
- Yes, but an authorization by IT department has to be provided.
How should laptops be secured against theft?
- physical laptop locks (e.g. Kensigton key)
- a protection against unauthorized usage (e.g. password protected screensaver)
- encryption of hard-drive
Who are the responsible persons to inform in a case IT security incident?
- Ben Rothbauer
- Petr Franta
- Josef Chroustal
- Štefan Majerníček
- Andrej Naď
- Daniela Iancu