En It Ro

Employees are required to comply with company policies on the use of IT tools and on information security and the processing and protection of personal data at all times, regardless of their working conditions.

Consequently, the employee must diligently and absolutely confidentially safeguard the personal and company data and information in his or her possession at all times, and take any additional precautions that are appropriate in relation to the place chosen for the performance of the service.

  1. Employees who work remotely are required to understand their responsibilities in the area of information security and personal data protection, and in this regard they should refer to the specific policies or instructions published on the company intranet, including:
    • Finwave SGSI 27001 policy
    • PSQ-400_F Acceptable Use of Business Instruments Policy
    • PSQ-402_F Information Classification Policy
    • PSQ-404_F IT Infrastructure Access Policy
    • PSQ-406_F Secure Office Policy

with particular attention to the following (see also Remote working - security measures below):

      • Ensure that the supplied computer has up-to-date antivirus software and up-to-date operating system;
      • Do not use the supplied computer in public places or on public transport;
      • When connecting to the internet, do not use open or public WI-FI networks even if they require a password, but rather always use those that show a secure connection with access through registration and password and that display the WPA2 protection option;
      • Laptops should not be left unattended; always use the “screen lock” function when not using them and they should be stored in a safe place when not in use;
      • Always safeguard the confidentiality of information: therefore, always check the positioning of the equipment, which must prevent the screen from being seen by unauthorised persons;
      • If necessary, and if you are authorised to use external media (USB/DVD etc.), please note that confidential information or personal data must be protected on the device used through encryption;
      • The employee must immediately report any detection of a cybersecurity incident or suspected data breach to the Help Desk, as specified in the operational instruction in force in the relevant department with regard to Security Incident Management.
  1. When accessing company applications via the Internet, the employee is encouraged to use the computer instruments made available by Finwave S.p.A. with caution and awareness given the growing increase in computer crime.
  2. Employees who fail to comply with the Company's instructions concerning their conduct in relation to remote working may be held liable under internal policies and regulations and under legal provisions.

The Company is not liable for any data processing breaches involving Finwave's and/or its customers' personal data, which occurred due to the employee's work location choice and/or use of company assets that did not comply with the Company's policies and regulations.

 

Remote Working - Security Measures

 

1 Always refer to the company's established IT security procedures and practices, even when working remotely. The company will check that the procedures are correctly observed and security measures are applied, including those set out below.

 

2 Preserve the confidentiality of information by scrupulously respecting Information Security, especially when handling Confidential or Personal Data.

 

 

3 Use only personally assigned and company-provided IT working tools (e.g. laptops, smartphones, etc.), and exclusively. The use of personal devices (in Bring Your Own Device (BYOD) mode) is only allowed if authorised in advance by the company.

 

4 If there are other devices connected to your home network (e.g. Amazon Alexa, etc.), make sure that these provide appropriate protection for the data processed by them.

 

 

5 Use only wired connections, or, Wi-Fi (e.g. corporate mobile phone (tethering), corporate Wi-Fi router, etc.) with the latest security protocols where available and protected by high-complexity passwords.

 

6 Where possible, access services exposed via protocols that encrypt the traffic exchanged (e.g. HTTPS).

 

7 IT working tools must not be left unattended, and when not in use they must be secured (e.g. locked in cabinets, use of a padlock if provided, etc.).

 

 

8 Do not divulge any company information (e.g. personal data, various credentials, etc.) by e-mail, verbally, on paper, etc. without explicit authorisation from the company. The above restriction is also extended to family members and/or cohabitants.

 

9 Do not leave paper documents containing Confidential data unattended (e.g. on your printer, in your home, in shared spaces, etc.). Destroy Confidential paper documents when no longer needed.

 

 

10 Where exceptionally permitted, external storage media (e.g. USB sticks, etc.) must be used, ensuring that the data contained on them is appropriately protected (e.g. encrypted using 7-Zip software with high-complexity passwords and “AES-256” encryption, etc.).

 

 

 11 Do not install or run programmes (or smartphone/tablet apps) that violate the law (on computer crime, copyright, etc.), and do not install programmes that have not been authorised by the company in advance.

 

 

 12 Always keep the software (operating system, antivirus, etc.) installed on the instruments up to date. Ensure that the operating system's protection software (e.g. antivirus, etc.) is working properly.

 

13 If a Malware (e.g. computer virus, etc.) is found to be infecting your work computer, disconnect the wired network and/or Wi-Fi, or switch off the computer quickly. Then contact the company's technical support immediately.

 

14 Always be cautious and careful when checking e-mails received (even if from colleagues or known and/or trusted senders), in order to intercept possible Phishing attacks (online scams perpetrated via e-mail).

 

15 Always use only your own company accounts, (also for collaboration and cloud tools). Do not use personal accounts and/or passwords for work-related activities.

 

 

16 Only use company-authorised collaboration and cloud systems (e.g. Microsoft Teams, G Suite by Google Cloud, Skype for Business, Cisco Webex, Microsoft OneDrive, etc.) to communicate within the company. For video conferencing devices in particular, if the instrument being used allows it, activate background matting (Blurring), so as not to unintentionally show personal information.

 

17 Use the IT resources used by the various collaboration and cloud tools only when necessary, and “sparingly”, so as to limit possible saturation of them

 

18 Should you have any problems (e.g. malfunctions, new configurations, malware infection, phishing mails, etc.) with your IT tools, please contact your technical support.

 

 

Fill out the form, the download of the resource will start immediately after.

By clicking on the "Confirm" button, I declare that I have read and understood the marketing disclaimer and that I consent to the processing of the data provided for sending the requested material.

Thank you for your message.

Error

Your request has been successfully submitted

Error while submitting the form