fbpx

Endpoint Security Policy

Table of Contents

Purpose

Social Workshop is a global business with staff and contractors living and working all over the world.  Therefore mobile endpoints are in constant use for company activities.  

Scope

In this context, an endpoint is any device which a Social Workshop Ltd employee or contractor uses in connection with delivering a service to, or furthering the business interests of, Social Workshop Ltd.  This includes devices owned by the Company and devices owned by Company staff and contractors which are used on an approved bring you own device (BYOD) basis. Examples of endpoints include, but are not limited to;

  • Desktop or laptop computers
  • Tablets and convertible computers
  • Mobile phones
  • Reading devices such as Kindle or other e-ink devices
 

This policy is also in conjunction with the Data Protection Policy.  Specifically, that policy states that company data should not be stored on any endpoint without the written permission of the Compliance Team.

Policy

  • Company managed Apple MacBook devices are supplied to all permanent members of staff.  These devices remain the property of the Company and are centrally managed and administered via a Mobile Device Management (MDM) software which controls and monitors the software installed on each device.
  • All Company managed devices are scanned daily by a centralised Company managed antivirus software.  Any issues flagged will be reviewed and remediated by our compliance team within a 24 hour window. 
  • The physical security of ‘your’ endpoint is your personal responsibility so please take all reasonable precautions.  Be sensible and stay alert to the risks.
  • Keep your endpoint in your possession and within sight whenever possible, just as if it were your wallet, handbag or mobile phone.  Be extra careful in public places such as airports, railway stations or restaurants.  It takes thieves just a fraction of a second to steal an unattended endpoint.
  • If you have to leave the endpoint temporarily unattended in the office, meeting room or hotel room, even for a short while, use an endpoint security cable or similar device to attach it firmly to a desk or similar heavy furniture.  These locks are not very secure but deter casual thieves.
  • Lock the endpoint away out of sight when you are not using it, preferably in a strong cupboard, filing cabinet or safe.  This applies at home, in the office or in a hotel.  Never leave an endpoint visibly unattended in a vehicle.  If absolutely necessary, lock it out of sight in the boot or glove box but it is generally much safer to take it with you.
  • Where users make use of their own device for work purposes (BYOD), this device must be equipped with endpoint management software which allows the Company to secure a portion of the device for work purposes only.  This ensures that business data is kept safe whilst, at the same time, preserving a user’s privacy to use their own device however they wish.  Social Workshop Ltd’s endpoint management solution supports Windows, MacOS, iOS and Android devices and provides centralised control over the business portion of any device and prevents the transfer of data outside the Company.
  • Endpoints must use a login password or other suitable strong biometric authorisation mechanism.
  • A password enabled screensaver should be used to lock the device after 5 minutes of inactivity.
  • A Company authorised antivirus, malware protection and password manager must be used on every endpoint.
  • E-mail attachments are now the number one source of computer viruses.  Avoid opening any email attachment unless you were expecting to receive it from that person.
  • Report any security incidents (such as virus infections) promptly to the Compliance team in order to minimise the damage.
  • You are personally accountable for all network and systems access under your user ID, so keep your password absolutely secret.  Never share it with anyone, not even members of your family, friends or IT staff.
  • Company endpoints are provided for official use by authorised employees.  Do not loan your device or allow it to be used by others such as family and friends.
  • Use of removable storage is controlled and not permitted on Social Workshop Ltd owned devices without approval from the Compliance Team.

Revision history

Version Date Description of Changes
V1 July 13th, 2022 Initial Creation
V2 August 31st, 2022 Major update and publication
V2.1 October 31st, 2023 Reviewed with minor updates for new website
V2.2 August 22nd, 2024 Reviewed with minor updates