Why This Training Matters
As staff members of Grai Technologies Ltd, you have access to our organisation's IT resources, including devices, networks, and data. It's essential that you use these resources responsibly and securely to protect our organisation's reputation and assets. Failure to comply with our Acceptable Use Policy may result in disciplinary action, including termination. In this training, we'll cover the key points of our policy and what you need to do to stay secure.
Purpose and Scope
- Applies to all Company devices and resources
- Limited personal use permitted
- Must comply with policy
Our Acceptable Use Policy defines what is acceptable use of our IT resources. It applies to all Company devices, networks, email, cloud services, and data. As staff members, you must comply with this policy. Remember, our IT resources are for business purposes, with limited personal use permitted. Always use your best judgement when using our IT resources.
Understand the policy's purpose and scope
Acceptable Use
- Only use approved software
- Lock workstations when away
- Never share credentials
When using our IT resources, only use approved software and request exceptions through IT if needed. Always lock your workstation when away using Windows+L or Cmd+Ctrl+Q. Never share your credentials with anyone, as IT will never ask for your password. These simple steps can help prevent security breaches and protect our organisation's data.
Use approved software and protect your credentials
Prohibited Activities
- No illegal or offensive material
- No personal financial gain or crypto mining
- No bypassing security measures
There are certain activities that are strictly prohibited when using our IT resources. These include accessing illegal, offensive, or explicit material, using our resources for personal financial gain or crypto mining, and bypassing firewalls, antivirus, or endpoint detection. Additionally, never use personal USB devices or unauthorised peripherals, engage in peer-to-peer file sharing, or send bulk unsolicited emails. These activities can put our organisation at risk and are strictly prohibited.
Know what's prohibited
Data Handling
- Classify data correctly
- Protect Confidential data
- Use secure transfer methods
When handling data, it's essential to classify it correctly as Public, Internal, Confidential, or Restricted. Never store Confidential data on personal devices or cloud services. When transferring data externally, use approved secure methods only. If you're unsure about the classification of data, always treat it as Confidential. Finally, collect printed confidential documents immediately and shred them when done.
Handle data securely
Email
- No personal service registration
- Verify sender's email
- Report phishing emails
When using company email, never register for personal services using your company email address. Always verify the sender's email address before clicking on links. If you receive a phishing email, report it immediately using the Report Phish button or emailing security@grai.ie. Finally, never auto-forward your email to external addresses.
Use company email securely
Remote Work
- Use VPN for internal resources
- No public Wi-Fi without VPN
- Shield screens in public
When working remotely, always use a VPN to access internal resources. Never use public Wi-Fi without a VPN. When working in public, shield your screen from others and never leave your devices unattended. These simple steps can help protect our organisation's data and prevent security breaches.
Work remotely securely
Incident Reporting
- Report incidents immediately
- Do not investigate yourself
- No penalties for good-faith reporting
If you suspect a security incident, such as a phishing email, lost device, or unauthorised access, report it immediately to security@grai.ie or ext 4400. Do not investigate the incident yourself. Remember, there are no penalties for good-faith reporting, and failure to report is a violation of our policy.
Report incidents promptly
Monitoring
- Company monitors IT resource use
- No expectation of privacy
Our organisation monitors all IT resource use, and you should not expect any privacy on Company systems. This monitoring helps us detect and prevent security breaches and ensure compliance with our policy.
Understand monitoring
Enforcement
- Disciplinary procedures apply
- Serious violations: suspension, termination, or law enforcement referral
Our organisation takes compliance with our Acceptable Use Policy seriously. Disciplinary procedures will be applied in cases of non-compliance, and serious violations may result in suspension, termination, or referral to law enforcement.
Understand enforcement
Key Actions
- Use approved software
- Protect credentials
- Handle data securely
- Report incidents promptly
- Understand prohibited activities
To recap, always use our IT resources responsibly and securely. Use approved software, protect your credentials, and handle data securely. Report incidents promptly, and understand what's prohibited. By following these key actions, you can help protect our organisation's reputation and assets.
Stay secure and responsible