Bluetooth devices - West Yorkshire Police

Bluetooth devices - West Yorkshire Police
NOT PROTECTIVELY MARKED
Bluetooth devices
Policy
Policy
summary
This policy procedure relates to the use of Bluetooth enabled devices
and peripheral devices.
The purpose of this policy is to maintain the confidentiality, integrity
and availability of Force data and ensure:
 the information we hold is not compromised; and
 users can safely connect devices via Bluetooth.
The use of Bluetooth technology is subject to this policy procedure at
all times.
Aim
The aims of this policy procedure are to explain:
 responsibilities of police officers and police staff;
 device functions and capabilities that you must be wary of and the
safety precautions you need to take; and
 how to pair with a hands-free headset, printer or keyboard.
Scope
This policy procedure:
 only refers to hands-free headsets, printers and keyboard; and
 applies to all Force personnel, i.e. police officers, police staff, special
constables, volunteers, partners, agency staff, sub-contractors and
third party suppliers who may have access to the Force’s electronic
information.
Only current employees and vetted third party suppliers must be
granted access to the Force’s equipment, data and infrastructure.
Compliance
Staff should acquaint themselves and comply with the following:
Freedom of Information Act 2000
Data Protection Act 1998
Computer Misuse Act 1990
Official Secrets Act 1989
Copyright, Designs and Patents Act 1988
ACPO Information Systems Community Security Policy (CSP) –
standards of maintaining the confidentiality, integrity and availability of
information.
Security Policy Framework
ISO / IEC 27001
NCPE Doctrines:
Code of Practice on the Management of Police Information
Guidance on the Management of the Police Information (MOPI).
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED
Chapter 1
Principles
Explanation
of term
Bluetooth is a wireless technology for short range communications. It
replaces the cable connection between two devices, e.g. a mobile
‘phone and a headset.
Force issued
devices
The only devices that are permitted to have Bluetooth activated are
Force issue mobile data devices and mobile ‘phones, however the
default setting for Force devices is Bluetooth disabled
Operational
need
All staff who need to use a Bluetooth connectivity must have an
operational need for having one.
Breaches
Breach of this policy procedure may result in the user being liable to a
discipline and/or a criminal investigation as follows:
By
any WYP employee, including
agency staff, will be considered
a serious disciplinary or legal
matter and dealt with
accordingly;
a third party supplier employee,
will be considered a legal matter
and dealt with accordingly;
And
access to the WYP network will
be terminated until the matter
has been investigated.
access to the WYP network will
be prohibited until the situation
can be brought to a satisfactory
conclusion.
All suspected breaches of this policy guidance should be reported to
the Force Information Security Officer (ISO) via the Security incident
reporting mailbox.
Related policy
procedures
Mobile data devices
Protective marking
Security incident reporting
Chapter 2
Introduction
Safety precautions
There are inherent security risks with Bluetooth. If it is not configured
correctly, the device can become an easy target for anyone wishing to
gain information about you or the police by:
 gaining access to your contacts or text messages; or
 using the ’phone as a listening device.
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED
Use
undiscoverable
mode
On some mobiles ‘phones or mobile data devices, undiscoverable
mode is referred to as hidden or invisible. It means that Bluetooth is
enabled but not openly visible to:
 other enabled devices; or
 someone doing a Bluetooth scan.
NB This also applies if a hands-free headset is paired with your
device.
Any device searching for Bluetooth connections to pair with will not
see your mobile ‘phone or mobile data device. This eliminates most
attacks as the ability to pair is essential.
In undiscoverable mode you are still able to see previously paired
devices, e.g. a hands-free kit.
Unknown
devices
You must:
 avoid pairing with other devices in public as this provides an attacker
with a way of gaining access to and controlling your mobile ‘phone or
stealing information from it; and
 reject any requests to pair, and prompting you for your pin number, if
you are not expecting them.
NB Once paired, even if your mobile phone or mobile data device is in
undiscoverable, invisible or hidden mode, the devices can still talk.
Only disabling Bluetooth will break the connection.
Be discreet
Attackers look for signs that a mobile ‘phone or mobile data device has
Bluetooth enabled, such as the blue flashing light on the device. If
your ‘phone or data device is visible then it is open for attack.
The blue flashing light means the mobile ‘phone or mobile data device
is on and can be in discoverable or undiscoverable, invisible or hidden
mode.
Disable
You must disable Bluetooth on your mobile ‘phone or mobile data
device if you are not using it. BlackBerry devices can be configured
remotely and the Bluetooth feature can be disabled en masse this
way.
When Bluetooth is disabled (as opposed to being in undiscoverable,
hidden or invisible mode) then a device that has previously been
paired with it can no longer connect.
Power off
Wherever possible you must power off any Bluetooth enabled device
such as a hands-free headset.
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED
Admin
Last reviewed:
Scheduled for review:
June 2014
June 2016
NOT PROTECTIVELY MARKED
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising