Endpoint Security Policy
Last updated: January 20, 2023
Introduction
- This policy outlines how Zoracom protects against unauthorized access to our production systems or customers' data via endpoints like laptops and phones that are used by Zoracom staff members. It also details what should be done if such endpoints are lost, destroyed, or otherwise damaged.
What is an endpoint?
- An endpoint is any device that is physically an endpoint on a network. These can include laptops, desktops, mobile phones, tablets and servers.
What is endpoint security?
- Endpoint security is used to protect Zoracom systems when accessed via remote devices such as laptops. Each laptop with the ability to access Zoracom systems is a potential entry point for security threats.
Endpoint security at Zoracom
- Zora Communication staff should take the following steps to ensure the security of the endpoints they use to perform their work.
- The Zoracom IT Administrator is responsible for installing critical firmware and software updates on the endpoints they use exclusively or those where they're the assigned owner. All communal assets (such as large TVs) should have assigned owners.
- Zoracom requires that all endpoints with access to production systems use antivirus software to protect themselves and our production infrastructure from malware.
- All Zoracom staff are required to turn on the hard disk encryption option of their respective operating systems (e.g., FileVault on Mac).
- As detailed in the password policy, Zoracom staff should use strong passwords to prevent unauthorized access to their system or any services they use. It is recommended that passwords are changed every three (3) months.
- All Zoracom staff must turn on auto-screen-lock on their systems so that it activates after a reasonable period of inactivity. While the screen lock will protect your device in most cases, it is recommended that you do not leave your computer unattended and unlocked.
- Employees must immediately report lost, stolen, or damaged devices to Zoracom management, which will then attempt to constrain access to production systems and customer data through the exposed device.
- Employees must follow the removable media guidelines outlined in the Physical Security Policy.
- Endpoints may be verified for compliance with this policy through various methods, including but not limited to periodic reviews, platform monitoring, and internal and external audits.
What is not necessary?
- The endpoint security policy does not require:
- Content filtering
- Collecting, logging or tracking personal activity (including website visits or purchases)
- Remote viewing
- Key-logging
Non-compliance
- Zoracom staff who violate this policy may face repercussions in proportion to the impact of their violation. Zoracom management will determine how serious a staff member's offense is and decide the appropriate penalty. Penalties may include:
- Reprimand
- Demotion
- Detraction of benefits for a definite or indefinite time
- Suspension or termination for more serious offenses