Computer User

Guidelines
in support of the
Information Technology Compliance and Security section
of the Code of Business Conduct and Ethics

September 2019

Owner: IT Governance, Compliance, and Controls Initial Release Date: September 2019
1 of 6
 Computer User Guidelines
This document supports the Corporate Code of Business Conduct and Ethics section titled “Information Technology
Compliance and Security” accessible from the Corporate Compliance home page.

GENERAL
Lear resources
• Use Lear IT resources for Lear business. Using Lear IT resources for non-Lear business activities impairs
productivity and overburdens company resources.
• Limit use of high-bandwidth internet sites such as video-streaming, podcast-streaming, music-streaming
sites, etc.
• Some batch processes consume large amounts of shared network resources. If possible, schedule batch
processing during off-peak hours.

Use of Lear-provided internet access

• Lear uses internet-filtering tools to ensure that internet traffic is consistent with Lear’s policies regarding
appropriate usage. These tools restrict internet sites containing inappropriate or illegal content, or materials
that might create an unfriendly or antagonistic work environment.
• Connections to the internet or to suppliers must be managed by Lear IT. Contact the Lear Global Service
Desk for assistance (see Appendix).

Sensitive email messages

• Sensitive information includes personally identifiable information (PII), treasury/cash transactions,
intellectual property and business intelligence.
• Sensitive email messages related to Lear business should not be sent via internet email services
(examples: Gmail, Yahoo mail, Rediffmail, etc.). Internet email services do not maintain the same level of
protection as Lear email services.

Lear email services

• If possible, Lear email systems should be used for Lear Company business only and should not be used to
circulate chain letters or non-work-related messages, or to conduct a personal commercial business.
• Offensive, threatening or harassing email messages could create an unfriendly or hostile work environment.
These types of messages can also hurt Lear’s customer/vendor relations or corporate image if made public.
• Use caution when opening emails from non-Lear sources. Only open attachments and links if you recognize
the sender and believe the content is safe.

File transfers
• Lear email should not be used as a replacement for file transfer utilities. Contact the IT department to
establish SFTP (secure FTP), EDI, or other system file transfers. Where possible, secure/encrypted file
transfer methods are preferred. Contact the Lear Global Service Desk for assistance (see Appendix).
• Electronic file transfers (system to system) should protect Lear confidential and/or proprietary information
per the ‘Confidential and Proprietary Information’ section of Lear’s Code of Business Conduct and Ethics.

Storage of critical, important, or sensitive data files

• Users should save critical, important, or sensitive data files to appropriate Corporate IT-approved services.
The following Corporate IT-approved services are backed up on a regular basis and provide protection in
case a file is lost or damaged:
o H: drive (personal network drive)

Owner: IT Governance, Compliance and Controls 2 of 6 Initial Release Date: September 2019
 Computer User Guidelines
o SharePoint Team sites
o Group network drives
• Use caution when saving files to the following locations. The files placed here are not backed up. If a
computer suffers an error or system/hardware failure, files may be unrecoverable.
o A computer’s desktop
o A computer’s C: drive (hard drive)
o Internal public network drive (P: drive)
• The internal public network drive (P: drive) is designed to be a temporary holding place for files. Files stored
here are periodically deleted as a cleanup exercise. Access to the P: drive is not restricted, therefore
confidentiality of data stored here is not maintained.
• Physically secure sensitive information (hardcopy) and, when possible, print to a password-protected
printer. Leaving sensitive information visible on fax machines, photocopiers, printers, mail drop off or other
open areas can result in unauthorized disclosure and/or loss of information.
• When not in use, physically secure mass storage devices such as CDs, DVDs, USB drives, etc. containing
sensitive data. This helps prevent unauthorized access to the data. Where possible, password protect
and/or encrypt the contents. Use USB devices from trusted sources only. USB devices that you may happen
to find in a public area are sometimes intentionally infected with malware and therefore dangerous to the
computers if inserted.

COMPUTING DEVICE SECURITY

Lear-issued mobile computing devices (mobile phone, laptop, tablet, desktop, storage, etc.)
• Physically secure mobile computing devices after normal working hours.
• While traveling, ensure that Lear-issued mobile computing devices are protected from theft.
o Keep mobile computing devices with you when checking into a hotel.
o If available, use a hotel room safe to secure mobile computing devices. If a safe is not available,
place the devices in a drawer so they are not readily visible to hotel staff.
o In public transportation hubs (airports, train stations, etc.), keep track of mobile computing devices
while in restaurants, waiting lounges, security check points, baggage claim areas, etc.
o In passenger vehicles, mobile computing devices left unattended in plain view are susceptible to
theft. If you must leave a mobile device inside a vehicle, place it in an area not visible from the
exterior of the vehicle.
• An automatic screen-saver that appears on workstations after 20 minutes of inactivity protects the user from
unauthorized access. Without this screen-saver control, any passerby would be able to use the computer as
the original user.
• Manually lock your computer when leaving it unattended to prevent a passerby from using your computer
when you are not present (preventing access to your files and sites). For Windows computers, press the
“Ctrl” “Alt” and “Del” keys at the same time and then select the “Lock” option. An even quicker method to
lock your computer is to press the “Windows” and the “L” keys at the same time.

• Lock mobile phones or other electronic devices using the lock methods specific to them.

Owner: IT Governance, Compliance and Controls 3 of 6 Initial Release Date: September 2019
 Computer User Guidelines
USER CREDENTIALS
User credentials consist of user ID + password
• Users are accountable for actions performed under their login credentials (e.g., sending emails, instant
messaging, creating/modifying files, posting to Yammer, etc.). Do not provide your login credentials to
another person.
• Do not use another user’s login credentials. If another user attempts to give you their login credentials, do
not accept them.

Password Tips
• Use a memorable phrase that only you know.
• Use the first letter of each word in a unique phrase to create a password.
• Passwords must have a minimum of 8 characters in length. Passwords longer than 8 characters are
preferred because they provide a higher level of security.
• Remember to include at least three of the following in your password:
o uppercase letter
o lowercase letter
o special character
o number
• Do not create passwords from dictionary words, proper nouns, words with repeated or missing letters,
common phrases, or keyboard patterns. These types of passwords are easily guessed by malicious
password-cracking tools.
• Change your password immediately if:
o Your password is known by a system administrator
o You suspect that someone observed your password while you entered it
o You become aware of a security breach for a system you use

Password management DOs

• Do use different passwords for different accounts.
• Do change passwords frequently.
• Do keep passwords confidential

Password management DON’Ts

• Don’t share your passwords with anyone.
• Don’t hide passwords under your keyboard or display them in an open area such as taped to the computer
monitor.
• When using a web-based application, if you receive the message “Would you like to store your password for
example.com?”, select the option that does NOT save your password such as “No,” or “Not for this site,” etc.
• Storing passwords in an Excel or Word file increases the risk of unauthorized access. A good option is to
use a password management application such as LastPass where passwords can be stored in an encrypted
format.

Owner: IT Governance, Compliance and Controls 4 of 6 Initial Release Date: September 2019
 Computer User Guidelines
Tips for Answering Security Questions
• Many systems require you to answer security questions that help validate your identity if your password is
compromised or is reset.
o Create answers for security questions that are hard for others to guess but easy for you to
remember. Commonly used security answers such as “pizza” increase the chance that a security
question will be compromised.
o If possible, write your own unique security question and answer.

SOFTWARE MANAGEMENT
Software Approval
• Software contained on the Global Software List is classified in one of several statuses (Approved, Freeze –
Buy no More, etc.). For an explanation of the various statuses, please click here.
• Software not listed on the Global Software List may be submitted for approval consideration. On the
software approval site, click on the “Submit a New Request” link, fill in all required information and submit
the form. The software will go through a multi-step review process and a final status will be assigned. This
applies to any type of software including freeware, trial evaluations, cloud/software as a service (SaaS),
purchased, leased, or subscription-based software. The review process can take several weeks to
complete.

Software Licensing
• A sufficient number of software licenses must be purchased to ensure that the terms of the relevant
licensing agreement are met.
• Lear may be at risk for fines and penalties when unlicensed software is present for example when:
o users download unlicensed software to their computer, even without installing or using it
o users place unlicensed software on a USB drive (or other removable storage device) and then
connect it to a Lear computing device
o software designated for personal use only is used in the corporate environment
• License documentation must be retained.
• Making backup copies of software may be allowed if such action is authorized within the terms of the
licensing agreement.

Personally-owned software
• Personally-owned software shall not be installed on Lear-owned computing devices.

VIRUS PROTECTION/PATCHES
• Any process designed to bypass identification and verification processes, such as automating the entry of a
user ID and password through a workstation, must be avoided. Such activities weaken established security
measures.
• Restarting (rebooting) your computer allows software and anti-virus updates to be installed on your
computer. This is critical to ensure that the anti-virus protects your computer from the latest viruses and
malware. Computers that are not rebooted are not protected with the most current security patch protection
available.
• Non-Lear devices connecting to the Lear network via a Virtual Private Network (VPN) require installation of
one of the following anti-virus products:

Owner: IT Governance, Compliance and Controls 5 of 6 Initial Release Date: September 2019
 Computer User Guidelines
o McAfee
o Microsoft
o Symantec
o Trend Micro

The anti-virus software must be active and the anti-virus pattern files must be kept current.

APPENDIX
Lear Global Service Desk Information

Lear Global Service Desk

Telephone +1 (248) 447-1008
Self-service help.lear.com
The Lear Global Service Desk is the 1st level of support for any IT issues that Lear users
or vendors may experience. All IT support requests shall be initiated through the Lear
Global Service Desk.

Revision History

Date Revision Summary Approved by

September, 2019 Initial Release Bonnie K. Smith (CIO)

Owner: IT Governance, Compliance and Controls 6 of 6 Initial Release Date: September 2019