Information Technology Policy Manual 2022

conversations are subject to public inspection pursuant to the North Carolina Public Records Law) • Do not use IM for sending sensitive information between employees Mobile Devices • Mobile Devices have arisen as powerful computing devices with access to sensitive and personal information. Follow these rules to keep sensitive and personal information safe: • Do not circumvent mobile device security controls that have been implemented by the City to protect the device • Protect your mobile device by keeping it in a safe location, and avoid leaving the mobile unattended in a motor vehicle or in a public area • Observe all applicable laws including all such laws restricting the use of mobile deviceswhile driving. If an employee is charged with traffic violations resulting from the use ofa mobile device while driving, the employee will be solely responsible for all liabilities that result from such action • Only install apps with good reputation from reputable sources • Immediately contact the IT Service Desk at 373-2322 if your mobile device is lost orstolen

Refer to the Mobile Device Policy for further information about mobile device usage guidelines

Non-City Owned Computers Non-City Owned Computers include employee owned laptops and home computers. Non-City owned computers can present risks to the City’s systems and applications. For example, Malware hidden on a non-City computer that’s used to access City resources can record all keystrokes entered, including your City’s username and password, then use the information to gain unauthorized access to the City’s systems and sensitive information. Non-City Owned Computers can only be used to access Exchange Webmail access.

Non-City Owned Computers cannot be used for: • Access to internal City systems and applications • Access to the City via VPN • Saving email and attachments when using Exchange Webmail

File Transfer Service The City’s standard method for exchanging documents is Dropbox which utilizes very secure methods to ensure that documents sent and received are protected against eavesdropping and compromise. Contact the Cyber Security and Compliance Manager if you require to use Dropbox. Removable Storage Devices • Sensitive information is not to be copied or stored on USB Flash drive • Contact the Cyber Security Team if your job requires you to transport sensitive informationon USB Flash drives • IT approved external hard drives are allowed for backing up data from a laptop or a desktop

1 1

GSO-ITAUP-002