POLICY ON THE USE OF COMPANY EQUIPMENTS,

THE INTERNET, COMPUTERS AND INFORMATION SECURITY

General Use and Ownership
1. CyberFog proprietary information stored on electronic and computing
devices whether owned or leased by CyberFog, the employee or a third
party, remains the sole property of CyberFog. You must ensure through
legal or technical means that proprietary information is protected in
accordance with the Data Protection Standard.
2. You have a responsibility to promptly report the theft, loss or
unauthorized disclosure of CyberFog proprietary information.
3. You may access, use or share CyberFog proprietary information only to
the extent it is authorized and necessary to fulfill your assigned job
duties.
4. Employees are responsible for exercising good judgment regarding the
reasonableness of personal use. Individual departments are responsible
for
creating
guidelines
concerning
personal
use
of
Internet/Intranet/Extranet systems. In the absence of such policies,
employees should be guided by departmental policies on personal use,
and if there is any uncertainty, employees should consult their supervisor
or manager.
5. For security and network maintenance purposes, authorized individuals
within CyberFog may monitor equipment, systems and network traffic at
any time, per infosec's policy.
6. CyberFog reserves the right to audit networks and systems on a periodic
basis to ensure compliance with this policy.

Use of Equipment
All CyberFog property including desks, storage areas, work areas, lockers,
file cabinets, computer systems, office telephones, cellphones, modems,
copy/xerox machines, duplicating machines, servers and rack servers, special
machines and vehicles must be used properly and maintained in good
working order. Employees who lose, steal, or misuse company property may be
personally liable for replacing or repairing the item.
CyberFog reserves the right, at all times and without further notice, to inspect
and search all CyberFog property for the purpose of determining whether this
1

policy or any other policy of CyberFog has been violated, or when an inspection
and investigation is necessary for purposes of promoting safety in the
workplace or compliance with state and federal laws. These inspections may be
conducted during or outside of business hours and in the presence or absence
of the affected employee.
To protect CyberFog legitimate business interests, CyberFog reserves the right
to question and inspect or search any employee or other individual entering or
leaving company premises, with or without notice. The inspection or search
may include any packages or items that the individual may be carrying,
including briefcases, handbags, knapsacks, shopping bags, et cetera. The
individual may be requested to display the contents of any packages and/or
turn out his or her pockets, et cetera, in the presence of a representative of
the CyberFog, typically a management employee of the same gender. ???
Whether information is entered or sent during or outside of working time,
employees have no right of privacy as to any information or file maintained in
or on Company property or transmitted or stored through Company computer
systems, voice mail, e-mail or other technical resources. If, during the course
of your employment, you perform or transmit work on Company computer
systems or other technical resources, your work may be subject to the
investigation, search and review of others in accordance with this policy. In
addition, any electronically stored communications that you either send to or
receive from others may be retrieved and reviewed when doing so serves the
legitimate business interests and obligations of the Company.
Employees should use the computer systems only for business purposes. Using
e-mail or the Internet for personal, non-business, purposes is prohibited during
working time.
Unacceptable Use of the Internet
In addition to the requirements stated above, use of the Internet must not
disrupt the operation of the CyberFog network or the networks of other users,
and must not interfere with the productivity of any employee. Copyrighted
materials belonging to entities other than CyberFog may not be transmitted by
employees on the Internet. One copy of copyrighted material may be
downloaded for an employees personal use in research if pre-approved by the
employees manager. Employees are not permitted to copy, transfer, rename,
add or delete information or programs belonging to other users unless given
express permission to do so by the owner of such information or programs.
Employees should be aware that harassment of any kind is prohibited. No
2

messages with derogatory or inflammatory remarks about an individual or

groups age, disability, gender, race, religion, national origin, physical
attributes, sexual preference or any other classification protected by federal,
state or local law will be transmitted.

Security and Proprietary Information

All mobile and computing devices that connect to the internal network
must comply with the CyberFog minimum access policy and with this
Employee Handbook.
1. System level and user level passwords must comply with the Password
Policy and change these at least every 2 months. Providing access to
another individual, either deliberately or through failure to secure its
access, is prohibited.
2. During some meetings, all mobile devices (smartphones, tablets, laptops,
etc.) will be left in a specified place outside of the respective meeting
room.
3. All computing devices must be secured with a password. You must lock
the screen or log off when the device is unattended.
4. Postings by employees from a CyberFog email address to newsgroups
should contain a disclaimer stating that the opinions expressed are
strictly their own and not necessarily those of CyberFog, unless posting is
in the course of business duties.
5. Employees must use extreme caution when opening e-mail attachments
received from unknown senders, which may contain malware, phishing or
other strange attachments.
6. Employees must use encrypted information on our own cloud on our
special equipments.
7. The use of USB sticks is only for business/CyberFog in the company
location. For this matter you can only use the USB that will be provided
for you by the company, the use of another USB is strictly prohibited.

Unacceptable Use
The following activities are prohibited. Employees may be exempted from
these restrictions during the course of their legitimate job responsibilities (e.g.,
systems administration staff may have a need to disable the network access of
3

a host if that host is disrupting production services).

Under no circumstances is an employee of CyberFog authorized to engage in
any activity that is illegal under local, state, federal or international law while
utilizing CyberFog owned resources.
The lists below are by no means exhaustive, but attempt to provide a
framework for activities which fall into the category of unacceptable use.
System and Network Activities
The following activities are strictly prohibited, with no exceptions:
1. Violations of the rights of any person or company protected by copyright,
trade secret, patent or other intellectual property, or similar laws or
regulations, including, but not limited to, the installation or distribution
of "pirated" or other software products that are not appropriately
licensed for use by CyberFog.
2. Unauthorized copying of copyrighted material including, but not limited
to, digitization and distribution of photographs from magazines, books or
other copyrighted sources, copyrighted music, and the installation of any
copyrighted software for which CyberFog or the end user does not have
an active license is strictly prohibited. ???
Employees will be given an electronic mail password when granted access to
the Internet or the CyberFog electronic mail system. Employees must change
these passwords every 2 months. There is a possibility that sometimes some
passwords must be made known to the CyberFog members/managers or
supervisors. Because your system may need to be accessed by CyberFog when
you are absent, your computer will be able to access specific member of
CyberFog computer equipment, electronic mail and Internet accounts. ???
Each employee is responsible for the content of all text, audio or images that
they place or send over the Internet. All messages communicated on the
Internet should have your name attached. No messages will be transmitted
under an assumed name. Employees or other users may not attempt to
obscure the origin of any message. Employees who wish to express personal
opinions on the Internet are encouraged to obtain their own user names on
other Internet systems.

Consensus Policy Resource Community

3. Accessing data, a server or an account for any purpose other than
4

conducting CyberFog business, even if you have authorized access, is

prohibited.
4. Exporting software, technical information, encryption software or
technology, in violation of international or regional export control laws, is
illegal. The appropriate management should be consulted prior to export
of any material that is in question.
5. Introduction of malicious programs into the network or server (e.g.,
viruses, worms, Trojan horses, phishing e-mail, etc.).
6. Revealing your account password to others or allowing use of your
account by others. This includes family and other household members
when work is being done at home.
7. Using a CyberFog computing asset to actively engage in procuring or
transmitting material that is in violation of sexual harassment or hostile
workplace laws in the user's local jurisdiction. - Unacceptable Use these
type of activities are prohibited.
8. Making fraudulent offers of products, items, or services originating from
any CyberFog account, product or service. - Unacceptable Use these
type of activities are prohibited.
9. Making fraudulent information of products, items, or services originating
from any CyberFog trade secret, patents or all other else could be
considered intellectual property. - Unacceptable Use these type of
activities are prohibited.
10.
Making statements about warranty, expressly or implied, unless it
is a part of normal job duties.
11.Effecting security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of which
the employee is not an intended recipient or logging into a server or
account that the employee is not expressly authorized to access, unless
these duties are within the scope of regular duties. For purposes of this
section, "disruption" includes, but is not limited to, network sniffing,
pinged floods, packet spoofing, denial of service, and forged routing
information for malicious purposes. ???
12.
Port scanning or security scanning is expressly prohibited unless
prior notification to Infosec is made.
13.
Executing any form of network monitoring which will intercept data
not intended for the employee's host, unless this activity is a part of the
5

employee's normal job/duty.

14.
Circumventing user authentication or security of any host, network
or account.
15.
Introducing external unauthorized honeypots, honeynets, or similar
technology on the CyberFog network.
16.
Interfering with or denying service to any user other than the
employee's host (for example, denial of service attack).
17.
Using any program/script/command, or sending messages of any
kind, with the intent to interfere with, or disable, a user's terminal
session, via any means, locally or via the Internet/Intranet/Extranet.
18.
Providing information about, or lists of, CyberFog employees to
parties outside CyberFog.
Computer and System Security
All computers and the data stored on them are and remain at all times the
property of CyberFog. As such, all messages created, sent or retrieved over the
Internet or the companys electronic mail system are the property of
CyberFog, and could be considered public information. The Company reserves
the right to retrieve and read any message composed, sent or received on the
companys computer equipment and electronic mail system. Employees should
be aware that, even when a message is deleted or erased, it is still possible to
recreate the message; therefore, ultimate privacy of a message cannot be
ensured to anyone. Accordingly, Internet and electronic mail messages are
public communication and are not private. Furthermore, all communications,
including text and images, can be disclosed to law enforcement or other third
parties without prior consent of, or notice to, the sender or the receiver. ???
Violations
Violations of any guidelines listed above may result in disciplinary action up to
and including termination. In addition, CyberFog may advise appropriate legal
officials of any illegal violations. This policy is in no way intended to modify the
at-will nature of employment with CyberFog.
We reserve the right to act (summon) in court and we can require moral and
financial prejudice or damages, according with applicable law.

Consensus Policy Resource Community

Email and Communication Activities
6

When using company resources to access and use the Internet, users must
realize they represent the CyberFog company. Whenever employees state an
affiliation to the company, they must also clearly indicate that "the opinions
expressed are my own and not necessarily those of the company". Questions
may be addressed to the IT Department
1. Sending unsolicited email messages, including the sending of "junk mail" or
other advertising material to individuals who did not specifically request such
material (email spam).
2. Any form of harassment via email, telephone or paging, whether through
language, frequency, or size of messages.
3. Unauthorized or fake use of email header information.
4. Solicitation of email for any other email address, other than that of the
poster's account, with the intent to harass or to collect replies.
5. Creating or forwarding "chain letters" or other "pyramid" schemes of any
type.
6. Use of unsolicited email originating from within CyberFog networks of other
Internet/Intranet/Extranet service providers on behalf of, or to advertise, any
service hosted by CyberFog or connected via CyberFog network.
7. Posting the same or similar non-business-related messages to large
numbers of Usenet newsgroups (newsgroup spam).

Blogging and Social Media

1. Blogging by employees, whether using CyberFog property and systems or
personal computer systems, is also subject to the terms and restrictions set
forth in this Policy. Limited and occasional use of CyberFog systems to engage
in blogging is acceptable, provided that it is done in a professional and
responsible manner, does not otherwise violate CyberFog policy, is not
detrimental to CyberFog's best interests, and does not interfere with an
employee's regular work duties. Blogging from CyberFog systems is also
subject to monitoring.
2. CyberFog Confidential Information policy also applies to blogging/social
media posting. As such, Employees are prohibited from revealing any CyberFog
confidential or proprietary information, trade secrets or any other material
covered by CyberFog Confidential Information policy when engaged in
blogging.
7

3. Employees shall not engage in any blogging that may harm or tarnish the
image, reputation and/or goodwill of CyberFog and/or any of its employees.
Employees are also prohibited from making any discriminatory, disparaging,
defamatory or harassing comments when blogging or otherwise engaging in
any conduct prohibited by CyberFogs Non-Discrimination and Anti-Harassment
policy.
4. Employees may also not attribute personal statements, opinions or beliefs to
CyberFog when engaged in blogging. If an employee is expressing his or her
beliefs and/or opinions in blogs, the employee may not, expressly or implicitly,
represent themselves as an employee or representative of CyberFog.
Employees assume any and all risk associated with blogging.
5. Apart from following all laws pertaining to the handling and disclosure of
copyrighted or export controlled materials, CyberFogs trademarks, logos and
any other CyberFog branding and intellectual property may also will be used
only in connection with CyberFog business activity and interests.

Policy Compliance
1. Compliance Measurement
The Infosec team will verify compliance to this policy through various methods,
including but not limited to, business tool reports, internal and external audits,
and feedback to the policy owner.
2. Exceptions
Any exception to the policy must be approved by the management team,
infosec team / HR team in advance.
3. Non-Compliance
An employee found to have violated this policy may be subject to disciplinary
action, up to and including termination of employment.