Get Set Device Security Policy

Overview

Get Set is a virtual organisation and panel members are allowed to use their own devices for work. This Device Security Policy is based on best practices adopted around the world in all industry sectors. The purpose of the policy is to ensure that devices are secured against the most basic software vulnerabilities as well as unauthorised physical access (including theft, snooping etc.).

Get Set staff, contracted staff (finance, marketing etc) and panel members are required to comply with this Device Security Policy.

Password and device access requirements

  • Laptops must have a strong login password, preferably a passphrase (minimum 8 characters).
  • See https://www.useapassphrase.com/ for why passphrases are more secure and to get help generating passphrases if required.
    Laptops must have a screensaver password enabled. This means that you will need to enter your login password every time you exit the screensaver.
  • Laptops must have a screensaver inactivity timer enabled. This means that should you leave your laptop unlocked for a period your screensaver must activate. The recommended inactivity time is 5 minutes.
  • Biometric authentication is also allowed, so if you have a fingerprint authentication feature on your laptop or face ID on your mobile phone, that is also fine to use to unlock from screensaver mode or sleep mode.
  • In general, when you leave your machine unattended, it is best practice to lock your machine yourself.

Disk encryption requirements

The benefit of disk encryption is that in the event of a laptop being stolen, data is not readable if the disk is removed and placed in another computer. Most modern operating systems support disk encryption, and the feature can often be enabled after the machine is installed and in use.

  • For Microsoft Windows 10 enable BitLocker. (Encryption of used space instead of entire disk is acceptable).
  • For Mac OSX enable File Vault.
  • For Linux OS’s there are many options including eCryptfs on Ubuntu, and dmcrypt/LUKS on other distributions.

NB: Once setup, ensure that if you use a recovery key, that it is safely backed up.

Anti‐Virus Requirements

All Laptops must have an Anti‐Virus program installed and active for disk, and if available, web‐access. This is non‐negotiable.

  • For Mac and Windows laptops: Avast or Sophos Home Anti‐Virus is free and offers good protection and updates regularity.
  • For Linux: Sophos also offer a free anti‐virus.

If you have never had an anti‐virus installed on an older‐laptop that has been used for some time, please ensure that you perform a full system scan once the AV program has been installed and has had its virus signature DB updated.

Software Updates

All employees, contractors and panel members must ensure that all operating system and core application (e.g. MS Office etc.) software updates are turned on and that they are installed either automatically by the system updater software, or manually when notifications of updates become available.

When critical vulnerabilities for an operating system are discovered and staff are alerted, any updates which address these vulnerabilities must be installed as soon as they become available.