There are separate instructions for staff to use mobile devices. The instructions cover:
Organisation's data can only be processed on a predefined, trusted network, or by using a VPN service defined by the organisation.
For example, a coffee shop's Wi-Fi network is often either completely unencrypted or the password is easily accessible to everyone. In this case, the information sent online is vulnerable to spyware. A VPN connection encrypts information regardless of network settings.
Laptops are protected by full-disk encryption.
Removable media includes e.g. flash memories, SD memories, removable storage drives, USB sticks and DVDs.
The organization has defined which removable media is allowed to be used.
Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).