
Remote Infrastructure Security Policy

Official platform documentation and governance guidance.

High-fidelity remote security framework ensuring structural endpoint hardening, secure network tunneling, and physical asset protection across the global Nexly perimeter.
Endpoint Fortitude
Global Defense
v4.1.0

Enterprise Remote Infrastructure Security Policy

1. Security Mission Statement

Remote operations exponentially expand the Company’s attack surface. Our mission is to normalize the security posture of the "Home Office" to the same institutional standard as our corporate headquarters. We utilize advanced encryption, zero-trust verification, and hardware micro-segmentation to protect Nexly assets from global distributed threats.

2. Structural Scope

This policy deep-dives into the technical security mandates for all Nexly citizens operating outside the physical office perimeter. It covers home network configurations, public compute usage, and the physical safety of Company-issued hardware.

3. Mandatory Zero-Trust Access

Every remote connection to the Nexly Compute Fabric is governed by the Principle of Zero-Trust. Identity is verified via FIDO2 hardware keys, and device health is checked for compliance (active encryption, updated OS) before any data tunnel is established.

4. Home Network Hardening Standards

Remote workers are mandated to harden their home environments:

  • WPA3 Encryption: Utilizing the latest WiFi security protocols with a complex SSID/Password.
  • Firmware Updates: Ensuring router firmware is set to auto-update to neutralize known vulnerabilities.
  • IoT Isolation: Where possible, Company hardware should reside on a separate "Guest" network to isolate it from insecure consumer IoT devices.

5. Public WiFi & Hotspot Prohibition

Accessing Nexly internal systems over unencrypted public WiFi (cafes, airports) is strictly prohibited. If an institutional connection is required in transit, employees must utilize a Company-issued hardware hotspot or an authorized tethered mobile connection.

6. Secure Tunneling & VPN Protocols

The Nexly "Secure Gateway" is the only authorized entry point for remote operations. Any attempt to use personal VPNs, unauthorized proxy servers, or P2P software while connected to the Company tunnel will trigger an immediate security quarantine.

7. Persistent Full-Disk Encryption

Full-Disk Encryption (FDE) must be active on all remote endpoints at all times. This ensures that in the event of hardware loss or theft, the data residing on the drive remains cryptographically inaccessible to unauthorized parties.

8. Ephemeral Patching & OS Integrity

Remote endpoints must be set to "Auto-Update" for all critical security patches. Our MDM agents will monitor patch levels and automatically revoke network access to any device that falls more than 48 hours behind the Company’s baseline security posture.

9. MDM & EDR Active Orchestration

Company hardware is managed via our "Mobile Device Management" (MDM) cluster. This allows for remote software deployment, security configuration enforcement, and—most critically—the ability to "Remote Wipe" a device if an incident is declared.

10. Physical Asset Safety & Chains

Hardware theft is a primary threat vector. Remote staff must never leave Nexly laptops in unmonitored public spaces or visible inside vehicles. When traveling, hardware should be secured in a locked safe or with a physical "Kensington" cable lock.

11. Shoulder-Surfing Defense

When operating in public or shared transit zones, employees are mandated to utilize Company-issued privacy screens. Information on your screen is confidential and must be protected from visual observation by third parties.

12. Loss & Theft Recovery Protocol

If Nexly hardware is lost or stolen, it must be reported to the SIRT within 30 minutes of discovery. The SIRT will immediately trigger a "Kill Command" to scramble the encryption keys and brick the device, neutralizing the data.

13. Remote Security Integrity Desk

To request a home office security audit, report a lost endpoint, or inquire about VPN configuration for international travel, please connect with the Defensive Ops Command.

Defensive Ops Command

Security SLA: 1h Critical Triage • Protocol v4.1

Direct Security Contact