Cyber Security Policy Manual

hidden on a non-City computer that is used to access City resources can record all keystrokes entered, including your City’s username and password, then use the information to gain unauthorized access to the City’s systems and sensitive information.

Non-City Owned Computers can only be used to access:  Exchange Webmail access

Non-City Owned Computers cannot be used for:  Access to internal City systems and applications  Access to the City via VPN  Saving email and attachments when using Exchange Webmail

P OLICY It is the responsibility of City of Greensboro employees, contractors, consultants, vendors, trainers, temporary staff and the like with remote access privileges to City of Greensboro's network to ensure that their remote access connection is given the same consideration as the user's on-site connection to the City of Greensboro. General access to the Internet for recreational use through the City of Greensboro network is strictly limited to City of Greensboro employees, contractors, vendors and agents (hereafter referred to as “Authorized Users”). When accessing the City of Greensboro network from a personal computer, Authorized Users are responsible for preventing access to any City computer resources or data by non-Authorized Users. Performance of illegal activities through the City of Greensboro network by any user (Authorized or otherwise) is prohibited. The Authorized User bears responsibility for and consequences of misuse of the Authorized User’s access. For further information and definitions, see the Information Technology Acceptable Use Policy . 1) Employees will use secure remote access procedures. This will be enforced in accordance with the City of Greensboro’s Password Policy. Employees agree to never disclose their passwords to anyone, particularly to family members if business work is conducted from home. 2) All hosts that are connected to the City of Greensboro internal networks via remote access technologies must use the most up-to-date anti-virus software, this includes personal computers. Third-party connections must comply with requirements as stated in the Third Party Access Policy . 3) Remote users using public hotspots for wireless Internet access must employ for their devices a personal firewall, VPN, and any other security measure deemed necessary by the IT department. VPNs supplied by the wireless service provider should also be used, but only in conjunction with the City’s additional security measures.

Cyber Security Policy Manual

23