Employee Information Security Guidelines
This guideline is mandatory for all company employees using MacBook, iPhone, and corporate services.
Lack of knowledge of these requirements does not exempt employees from responsibility.
🔒 2. Device Locking and Physical Security
- MacBook and iPhone must always be locked when unattended.
- Auto-lock settings:
  - iPhone — no more than 1 minute;
  - MacBook — on lid close / wake from sleep.
- Devices must not be left unattended in public places.
🔑 3. Passwords, Biometrics, and Password Manager
- Face ID and Touch ID are prohibited.
- Only strong alphanumeric passwords are allowed.
- Bitwarden is the only approved password manager.
- Requirements:
  - unique master password;
  - 2FA enabled;
  - usage only on work devices.
- Storing passwords in browsers or sharing them with third parties is prohibited.
💾 4. Encryption, iCloud, and System Settings
- FileVault on MacBook is mandatory.
- Automatic login is prohibited.
- Syncing work data via iCloud is prohibited.
- Apple ID must not be used to store corporate data.
- Installation of new software and OS / app updates is performed only via the system administrator. Self-installation and self-updates are prohibited.
🧩 5. Separation of Work and Personal Data
- Work and personal data must be fully separated:
  - different phone numbers;
  - different Apple IDs;
  - different Telegram accounts.
- Use of personal devices for work tasks is prohibited.
💬 6. Communications and Messengers
- Mattermost is the primary and mandatory internal communication channel.
- Telegram is used only as a secondary channel.
- Discussing sensitive information outside Mattermost is prohibited.
- When using messengers:
  - personal and work accounts must not be linked;
  - forwarding work information to personal chats, channels, clouds, or other personal resources is prohibited;
  - using personal accounts to communicate with clients is prohibited.
- To reduce the risk of Telegram dialog blocks:
  - clients must be added to the contacts of the work account.
📶 7. SIM Cards and Connectivity
- New SIM cards without KYC are used.
- Personal SIM cards in work devices are prohibited.
- SIM cards are used only for work accounts, internet access, and 2FA.
- If SIM cards without KYC need to be issued or replaced, the employee must contact the system administrator.
🌐 8. VPN, Networks, and Connections
- The company uses a corporate WireGuard VPN.
- Access to corporate services is allowed only with an active VPN.
- The employee must constantly monitor VPN connection status.
- Before starting work, ensure the VPN is connected.
- During work, periodically verify that the VPN remains active.
- Any actions with corporate data while VPN is disconnected are prohibited.
- If the VPN disconnects, the employee must immediately:
  - stop working;
  - restore the VPN before continuing.
- Attempts to bypass the VPN, intentional disconnection, or ignoring its status are considered a serious violation.
- Public and untrusted Wi-Fi networks are allowed only with an active VPN.
🔌 9. Peripherals and External Devices
It is prohibited to connect:
- USB flash drives belonging to other people;
- unknown charging devices;
- external storage devices without approval from the system administrator.
📸 10. Data and Public Exposure
It is prohibited to:
- photograph screens;
- take screenshots of internal systems and publish them;
- publish photos of the workplace;
- discuss work-related matters in public places or on social media.
- All issues related to security, software, updates, connectivity, and access are handled exclusively through the system administrator.
- Independent decisions or changes are prohibited.
The employee must immediately notify the system administrator in case of:
- device loss;
- suspected compromise;
- phishing attempts;
- any VPN disconnection during work, including brief ones.
Before starting work, the employee must review and complete the following instructions:
- 🖥 Initial MacBook Setup
  Detailed guide for initial setup of the work MacBook, system settings, and security requirements.
  👉 MacBook Initial Setup Guide
- 📅 Corporate Calendar Synchronization
  Instructions for proper setup and synchronization of the work calendar.
  👉 Calendar Synchronization Guide
Violation of this guideline constitutes a breach of information security requirements and may result in restriction or revocation of access.