CYBER SECURITY /COMPUTER USE POLICY

Use of Company Systems

Mastech Digital’s systems (including telephone, fax, photocopy machine, voice mail, e-mail, network computer files, internal and Internet based systems) are provided for business purposes and are Mastech Digital property.  An employee’s use of company systems constitutes consent to monitoring.  Consequently, Mastech Digital may intercept, monitor, review, and disclose any communication or files as business needs require. Messages or files created, sent, or received are not an employee’s private property. Employees should have no ownership or privacy expectations regarding communications or data sent over the company’s information systems.

All communications, both inside and outside the company, should be professional, businesslike, and courteous. Communications that are discriminatory, sexually explicit, non-job related, malicious, obscene, harassing, threatening, intimidating, or used to solicit commercial, religious, political, charitable, union, or other non-business causes are strictly prohibited. Improper use of communication systems and equipment may subject an employee to corrective action, up to and including termination.

Being informed is a shared responsibility for all users of Mastech Digital’s information systems.

Being informed means, for example:

• Knowing these acceptable use policies and other related rules and policies,
• Knowing how to protect your data and data that you are responsible for,
• Knowing how to use shared resources without damaging them,
• Knowing how to keep current with software updates,
• Knowing how to report a virus warning, a hoax, or other suspicious activity, and participating in training.

Acceptable Computer Use

This Acceptable Computer Use Policy applies to all employees of Mastech Digital Inc. and its subsidiaries, and to all third parties who may access and use the company’s computer systems, networks, and related technologies.

Use of the Internet by employees is permitted and encouraged where such use supports the goals and objectives of the business.  However, access to the Internet is a privilege, and all users must adhere to the company’s policies concerning Computer, Email, and Internet use.

Violation of these policies may result in disciplinary and/or legal action leading up to and including termination of employment.  Users may also be held personally liable for damages caused by any violations of this policy.

Computer, Email, and Internet Use

• Users are expected to use the Internet responsibly and productively. Internet access is designed and provided for activities that bring value to the business.  Personal use is permitted when it is limited, abides by company standards, and does not interfere with company activities.
• Data that is composed, transmitted and/or received by the company’s computer systems and networks is the property of the company
• The company reserves the right to monitor Internet use, email, and other activities related to computer, network, and Internet use where lawful and in accordance with other company policy and standard.
• Emails sent via the company email system must not contain content that may be deemed to be offensive, harassing, or otherwise inappropriate for business purposes
• Internet access maybe monitored, and Internet access to particular sites may be restricted by the company when those sites may be deemed unlawful, malicious or harmful or not of value for the company.

Specific Prohibitions Include:

• Sharing or disclosing your company password(s)
• Attempting to use the company password(s) of another
• Sending or posting discriminatory, harassing, or threatening messages or images on the Internet or via the company’s email system
• Using computers to commit any form of fraud, and/or software, film, or music piracy
• Downloading, copying, or pirating software or electronic files without proper authorization
• Sharing without authorization confidential company materials, trade secrets, or proprietary information outside of the company
• Hacking or other illegal computer activity
• Sending or posting information that is defamatory to the company, its products and services, its employees, and/or its customers
• Introducing malicious software into the company network and/or jeopardizing the security of the organization’s computer systems and networks
• Sending or posting chain letters, solicitations, or advertisements not related to business purposes or activities
• Conveying personal views as representing, without authorization, the views of the company

Should an employee is unsure about what constitutes acceptable computer or Internet use, then he/she should ask his/her supervisor for further guidance and clarification.

All terms and conditions as stated in this document are applicable to all users of the company’s network and Internet connections. All terms and conditions as stated in this document reflect an agreement of all parties and should be governed and interpreted in accordance with the policies and procedures mentioned above.
Protecting Information and Shared Resources

To ensure the integrity of our systems it is critical that employees follow all established security policies and procedures. Users must:

• Follow established procedures for protecting files, including managing passwords, using encryption technology, and storing back-up copies of files.
• Protect the physical and electronic integrity of equipment, networks, software, and accounts on any equipment that is used for Mastech Digital’s business in any location.
• Not visit non-business related websites
• Not open email from unknown senders or email that seems suspicious.
• Not knowingly introducing worms or viruses or other malicious code into the system nor disable protective measures ie: antivirus, spyware firewalls.
• Not install unauthorized software.
• Not send restricted or confidential data over the Internet or off your locally managed network unless appropriately password protected or encrypted.
• Not connect unauthorized equipment or media, which includes but is not limited to: laptops, thumb drives, removable drives, wireless access points, pdas, and mp3 players.
• No resources are to be made available for access from the Internet (e.g., setting up an FTP server) without advance written approval from management.
• No sensitive or client-related information may be discussed via the Internet.

Software

All software used must be part of the “IT Permitted Software List” and users must not install unlicensed / illegal copies of software that are not relevant for Mastech Digital’s business purposes. Please refer to the Employee Portal at https://my.mastech.com for the latest copy of “IT Permitted Software List.”

Virus Remediation

In the event that your computer acts erratically, exhibiting any of the following behaviors:

• abnormal response time or non-responsiveness
• unexplained account lockouts
• passwords not working
• website homepage won’t open or has unexplained changes/content
• programs not running properly
• running unexpected programs
• lack of disk space or memory
• bounced-back emails
• inability to connect to the network
• constant or increasing crashes
• abnormal hard drive activity
• connecting to unfamiliar sites
• browser settings changed
• extra toolbars that cannot be deleted

Turn it off and contact your local IT support immediately.  If it is diagnosed as a virus, contact your manager, Administrator of IT Operations and CIO to apprise them of the situation so they may assess any other potential risk to Mastech Digital.

Flash-drives, Thumb-drives

An unknown flash drive or USBs should never put any into any Mastech Digital computer.

Never open a file from a flash drive you are not familiar with.

Passwords

All passwords must be disclosed to the IT department (as requested) and remain Mastech Digital property. To ensure security, confidential passwords must not be shared with co-workers. While employees must treat all messages as confidential and must not try to access another employee’s mail or files, they should be aware that the confidentiality of messages is not guaranteed. Passwords do not completely guarantee security and messages that are erased may be retrieved and read.

The password length will be a minimum of 8 characters. It will consist of at least 3 of the following: English uppercase characters (A through Z). English lowercase characters (a through z). Numerals (0 through 9). Non-alphabetic characters (such as !, $, #, %). In addition, are not be any of the previous 5 passwords used, nor should contain any part of the users name. Passwords should be changed every 180 days.

Telephone

Personal use of the telephone should be minimal. Good judgment should be used in limiting the length and frequency of personal calls. Long distance calls may not be charged to Mastech Digital and must either be placed collect or billed to the employee’s personal account.

Applicable Laws

Users must obey local, state, and federal laws including laws on copyright and other intellectual property laws.

Acknowledgement

I understand and agree to abide by this Policy.  I further understand that, should I violate this policy, my access privileges to company computing and network assets may be revoked, and that disciplinary action and/or appropriate legal action may be taken against me.