Information security house rules
Here you will find rules of information and IT security as video and in text format, or as PDF for printing.
Adhere to applicable rules
![Regel 1](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage/image.imageformat.textsingle.2120814064.png)
- Inform yourself regarding the applicable rules, especially the ETH Zurich Acceptable Use Policy for Information and Communications Technology (BOT).
- Be aware that you are responsible for your actions.
- Respect the privacy of others.
Avoid the misuse of systems and passwords
![Regel 2](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_1205438536/image.imageformat.textsingle.1977347878.png)
- Select passwords which are difficult to guess. Keep them secret and observe the password rules.
- Use a password-?protected screen saver whenever you leave your workplace.
- Logout or turn off computers when you are absent or do not need to use the system.
Always keep your systems up to date
![Regel 3](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_316157298/image.imageformat.textsingle.720403091.png)
- Make sure the virus scanner software is being updated regularly. Never disable such security features.
- Ensure that systems and applications are updated to current versions.
- Turn off all programmes and services that you do not need for your work.
Protect your information from misuse
![Regel 4](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_1618147490/image.imageformat.textsingle.549390275.png)
- Grant access only to authorised persons.
- Never leave mobile devices such as laptops, smartphones or USB sticks unattended.
- Use screen filters if necessary.
- Encrypt sensitive information.
- Create regular backups.
- Note confidentiality notices in documents and classify your documents when creating them.
Use only legally obtained (and licensed) products
![Regel 5](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_858983374/image.imageformat.textsingle.1812802865.png)
- Respect copyright and license restrictions of applications and data.
- Use only programmes and data for which you are authorised and for their intended use.
Use email and Internet cautiously
![Regel 6](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_1104412450/image.imageformat.textsingle.1214675910.png)
- Remember that email attachments can contain viruses or malicious programmes.
- Check where links really lead to before you click on them.
- Download programmes and data only from trusted sources; scan downloads with your antivirus programme.
- Scan downloads and external storage media with your virus protection programme.
Report incidents immediately
![Regel 7](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_1008950300/image.imageformat.textsingle.49254552.png)
- Consider breaches of confidentiality or unexpected changes to data as an incident.
- Report any security-related incidents immediately to your IT support centre.
Inform yourself about Cloud Computing and Social Media
![Regel 8](/staffnet/en/it-services/it-security/awareness/information-security-house-rules/_jcr_content/par/textimage_2027814701/image.imageformat.textsingle.1308409816.png)
- Check the legal conditions of the provider and clarify whether they comply with ETH Zurich regulations.
- The outsourcing of sensitive data of ETH Zurich is not permitted (Compliance Guide). For such data, use ETH's polybox or other internal ETH services.
- Please observe the ETH Zurich Social Media Guidelines