User devices such as computers, iPads, smartphones, etc., are an attack vector that hackers and others with malicious intent can use to get into the Schibsted IT infrastructure or to gain access to our information.
To protect Schibsted and our customers, all user devices supplied by Schibsted to employees or contractors must, therefore, be managed by Schibsted to ensure the right level of device security. Employees are allowed to use the user device for private purposes as long as they follow Schibsted’s policies and routines, and it does not affect their work or Schibsted’s business.
All data produced or used as part of an employee’s work belongs to Schibsted and will be handled as such. Work-related data shall always be stored on the storage solutions provided by Schibsted to secure backup of the data. Note that any data stored locally on user devices might be lost if a device is stolen, replaced, or broken. Employees are encouraged to store data on secure cloud solutions and are responsible for the backup of any locally stored data.
Schibsted has the capability to log and store traffic that flows through our networks and on devices. The logs might be used to identify illegitimate traffic or usage. Schibsted can and will, under certain circumstances, look into logs, emails, and other documents on our network equipment and user devices. Such activity will always adhere to current laws and regulations as well as to the Schibsted Code of Conduct. When backing up data from a user device, it must be done in a secure way. If the data is classified, sensitive, company secrets, etc., then the backup, either in the cloud or on other devices, must be encrypted as well.