Information security house rules
Here you will find rules of information and IT security as video and in text format, or as PDF for printing.
Adhere to applicable rules
- Inform yourself regarding the applicable rules, especially the ETH Zurich Acceptable Use Policy for Information and Communications Technology (BOT).
- Be aware that you are responsible for your actions.
- Respect the privacy of others.
Avoid the misuse of systems and passwords
- Select passwords which are difficult to guess. Keep them secret and observe the password rules.
- Use a password-protected screen saver whenever you leave your workplace.
- Logout or turn off computers when you are absent or do not need to use the system.
Always keep your systems up to date
- Make sure the virus scanner software is being updated regularly. Never disable such security features.
- Ensure that systems and applications are updated to current versions.
- Turn off all programmes and services that you do not need for your work.
Protect your information from misuse
- Grant access only to authorised persons.
- Never leave mobile devices such as laptops, smartphones or USB sticks unattended.
- Use screen filters if necessary.
- Encrypt sensitive information.
- Create regular backups.
- Note confidentiality notices in documents and classify your documents when creating them.
Use only legally obtained (and licensed) products
- Respect copyright and license restrictions of applications and data.
- Use only programmes and data for which you are authorised and for their intended use.
Use email and Internet cautiously
- Remember that email attachments can contain viruses or malicious programmes.
- Check where links really lead to before you click on them.
- Download programmes and data only from trusted sources; scan downloads with your antivirus programme.
- Scan downloads and external storage media with your virus protection programme.
Report incidents immediately
- Consider breaches of confidentiality or unexpected changes to data as an incident.
- Report any security-related incidents immediately to your IT support centre.
Inform yourself about Cloud Computing and Social Media
- Check the legal conditions of the provider and clarify whether they comply with ETH Zurich regulations.
- The outsourcing of sensitive data of ETH Zurich is not permitted (Compliance Guide). For such data, use ETH's polybox or other internal ETH services.
- Please observe the ETH Zurich Social Media Guidelines