Policy for the Use of Information Technology Tools
Last update: 18 November 2024
Foreword
WEP srl has updated and summarized the provisions for the use of company communication tools (telephone, email, computers, and Internet) to ensure data protection and security.
Basic Principles:
- Internet: Browsing is only permitted for sites pertaining to normal work activity.
- Downloads: Prohibited (software, music, videos) unless expressly authorized.
- Email: Exclusively for work purposes; personal use is not permitted.
1. Access to the Computer System
Every user must have a personal, non-transferable identification code (userid).
1.1 Password Security Rules
- Length: Minimum 8 characters.
- Complexity: Must contain uppercase, lowercase, numbers, and special characters.
- Rotation: Must be changed at least every 6 months.
- Storage: Use a Password Manager (1Password or Vault). Never write passwords on post-its or share them.
2. Use of the Workstation (Mac/PC)
Users are responsible for the preservation of equipment. Any anomalies must be reported immediately to the manager and via the IT Support Form.
3. Use of Removable Devices
USB sticks, SD cards, and external hard drives must be used strictly for business purposes to avoid data theft or malware transmission.
- In case of theft/loss, notify IT immediately.
- Return all devices upon resignation or retirement.
4. Use of Software
- Installation: Only licensed software is permitted. Do NOT install games, unauthorized screen savers, or unvetted tools.
- Configurations: Do not change security settings or disable Antivirus/Antispyware.
- Illegal Use: Intercepting or falsifying computer communications is strictly prohibited.
5. Use of the Internet
The Internet is the primary vector for malware (viruses, spyware, keyloggers).
Antivirus and Firewall software must be active at all times. They are updated in real time by a central engine.
- Do not participate in non-professional forums or chat-lines.
- Respect Netiquette and copyright laws.
6. Use of Emails
Company email is a work tool. It should only contain messages regarding work activities.
6.1 Phishing Defense
To defend against Phishing (identity theft):
- Report: Use the email client (Outlook) to report the email as phishing.
- Review: IT Admin will check the report via Microsoft Defender.
- MFA: Multi-Factor Authentication is mandatory for all accounts.
7. Use of Telephony
Authorized employees are provided with a VoIP service (JustCall) for business calls. "Special" high-cost numbers (e.g., 199, 166) are blocked.
8. Computer Control Systems
WEP uses Intune for remote maintenance and troubleshooting.
- Access requires user consent via a "pop-up" window.
- WEP does not perform covert analysis or read personal keyboard inputs.
9. Computer Incident Reporting
If you notice abnormal behavior (virus alerts, receipt of "strange" emails, unauthorized access), report it immediately to the Digital Support team.
See document: "What to do if I think I am cyber attacked" for reference.
— WEP Digital Support