Mobile Device Security
Healthy.io protects Mobile computing devices at all times by access control protocols, usage restrictions, connection requirements, encryption, virus protection, host-based firewalls or equivalent functionality, secure configurations, and physical protections.
It defines a documented list of approved application stores as acceptable for mobile devices accessing or storing entity (client) or cloud service provider-managed client data. It prohibits unapproved application stores for Company-owned and BYOD mobile devices and non-approved or approved applications not obtained through authorized application stores.
Healthy.io prohibits the circumvention of built-in security controls on mobile devices. It monitors for unauthorized connections of mobile devices. It places appropriate protections of the teleworking site to protect against the theft of equipment and information, the unauthorized disclosure of information, and unauthorized remote access to Healthy.io’s internal systems or misuse of facilities.
Teleworking activities are only authorized if security arrangements and controls that comply with relevant security policies and organizational requirements are in place. Before approving teleworking, the team evaluates the physical security of the teleworking site and addresses any identified threats/issues.
Before it authorizes teleworking, Healthy.io provides definitions for permitted work, standard operating hours, classification of information that teleworkers may hold/store, and the internal systems and services they are authorized to access. It defines the suitable equipment and storage furniture for the teleworking activities, as it forbids the use of privately-owned equipment not under its control. It also specifies the appropriate communications equipment, including methods for securing remote access; rules and guidance on family and visitor access to equipment and information; hardware and software support and maintenance; procedures for back-up and business continuity; means for teleworkers to communicate with information security personnel in case of security incidents or problems; and audit and security monitoring. Healthy.io also provides additional insurance to address the risks of teleworking. It instructs all personnel working from home to implement fundamental security controls and practices, including but not limited to passwords, virus protection, personal firewalls, recording serial numbers, and other identification information about laptops, and disconnecting modems at alternate worksites. It also limits remote access to information resources required by users to complete job duties.