Legal & Compliance
Antivirus & Device Protection Standards
Effective: May 26, 2026 · Next review: May 26, 2027 · Pythias Technologies, LLC
1
This policy establishes minimum security requirements for all endpoints (laptops, desktops, and mobile devices) used to access Pythias systems, data, or internal tools. The goal is to prevent malware, unauthorized access, and data exfiltration through compromised devices.
2
This policy applies to all devices — company-owned or personal (BYOD) — used by Pythias employees, contractors, or any person with access to Pythias production systems or Confidential/Restricted data.
3
All Windows endpoints must have Windows Defender (or equivalent enterprise AV) installed, active, and up to date. Real-time protection must be enabled at all times.
Antivirus definitions must be updated automatically. Endpoints that cannot receive automatic updates must be updated manually at least weekly.
Full system scans must be performed at least monthly. Scans must be logged and results reviewed.
macOS endpoints must have Gatekeeper and XProtect enabled, and must run a reputable third-party AV solution if accessing Restricted data.
Any endpoint with a detected infection must be immediately isolated from the network and reported to the company owner before re-joining.
4
Operating systems must be kept current. Critical and security patches must be applied within 7 days of release.
Auto-update must be enabled for the OS and all major applications (browsers, Node.js runtimes, etc.) on production-access devices.
End-of-life operating systems (e.g., Windows 10 after October 2025) must not be used to access Pythias production systems.
Development dependencies (npm packages, Docker images) must be reviewed for known CVEs at least monthly using automated audit tools (e.g., npm audit).
5
All endpoints must require authentication (PIN, password, biometric) to unlock. Screens must lock automatically after 5 minutes of inactivity.
Full-disk encryption must be enabled on all devices used to access Pythias systems (BitLocker on Windows, FileVault on macOS).
No Pythias Restricted or Confidential data may be stored unencrypted on a local device. Cloud sync to personal accounts (personal Dropbox, Google Drive, iCloud) is not permitted for business data.
Lost or stolen devices must be reported to the company owner immediately so remote-wipe can be initiated and associated credentials rotated.
6
Installing software from untrusted or pirated sources is prohibited on any device used to access Pythias systems.
Connecting personal USB storage, external drives, or unknown peripherals to devices accessing production systems is prohibited without explicit approval.
Disabling or circumventing AV, firewall, or OS security features on any business-access device is prohibited.
7
This policy is reviewed annually (next review: May 26, 2027) or when a material change in device types, operating systems, or threat landscape warrants it.
© 2026 Pythias Technologies, LLC · All rights reserved
