Here's a concise summary of the electronic login account policy:
Policy Overview:
This policy guides employees on secure electronic login practices to protect institutional data from hacking and misuse.
Best Practices (Acceptable Use):
- Protect Login Data: Keep credentials confidential.
- Strong Passwords: Use complex passwords and change them regularly.
- MFA: Enable Multi-Factor Authentication.
- Log Out: Log out after use, especially on shared devices.
- Report Suspicious Activity: Report unusual login attempts.
- Secure Devices: Use trusted devices and networks, avoid public Wi-Fi.
Prohibited Practices (Unacceptable Use):
- Sharing Login Data: Do not share credentials.
- Weak Passwords: Avoid simple or easily guessed passwords.
- Unsecured Devices: Do not use unprotected devices or networks.
- Open Accounts: Do not leave accounts open unattended.
- Personal Use: Do not use institutional accounts for personal purposes.
Corrective Procedures:
- Warning: Verbal or written warning.
- Account Suspension: Temporary suspension for repeated violations.
- Password Reset: Reset passwords after potential breaches.
- Mandatory Training: Cybersecurity training.
- Disciplinary Action: Suspension or dismissal for serious violations.
Login Use Examples:
- Correct: Secure device, strong password, MFA, proper logout.
- Incorrect: Sharing login data via email, leading to unauthorized access and account suspension.
Conclusion:
Adhering to security policies is vital for data protection. Sharing login data or using unsecured devices leads to breaches and strict corrective actions.
