Cyber Security Policy Manual

3) City-owned mobile devices are the property of the City and must be returned to the City immediately upon request. 4) The City is not responsible for any personal information stored on a City-owned device that may be lost or deleted. 5) Job responsibilities may require employees to occasionally be available after normal business hours. Non-exempt employees may be allowed to access the City’s systems and applications from their mobile devices after normal business hours if their manager approves. Time worked after normal business hours will be compensable according to FLSA and City policy. Any unapproved time worked after normal business hours will be compensated as required by FLSA. An employee working without approval from the supervisor may be subject to corrective action up to and including dismissal. 6) All applicable laws including all such laws restricting the use of mobile devices while driving must be observed. If an employee is charged with traffic violations resulting from the use of City-owned mobile device while driving, the employee will be solely responsible for all liabilities that result from such action. 7) The mobile device must not be used for any illegal, unauthorized, unintended, unsafe, hazardous or unlawful purposes, or in any manner prohibited by laws and regulations. 8) Employees must refrain from connecting their mobile devices to public Wi-Fi networks because they lack the required security controls to protect mobile devices from becoming compromised through malicious devices that may be on the same Wi-Fi network. 9) Rooted or jail-broken mobile devices will be blocked from accessing the City’s systems and applications. 10) Access to the mobile device must be protected with a passcode, Face ID, pattern matching or other types of authentication mechanisms. 11) Any security controls that may have been applied to the mobile device to protect th e City’s information must not be circumvented. If an attempt to circumvent a security control is detected, the device will be blocked from accessing the City’s systems and applications. 12) Only Apps with good reputation from reputable sources are to be installed on the mobile device. 13) Employees are not permitted to install personal apps on City-owned mobile devices. This includes social media, dating, shopping and other types of personal apps. 14) Lost or stolen mobile devices must be reported immediately to the IT Service Desk at 373 2322 or by emailing the Cyber Security Team at securityincidents@greensboro-nc.gov. 15) A stolen mobile device will immediately be remotely erased to prevent access to sensitive information. 16) An attempt will be made to locate a lost mobile device. If the attempt fails, the mobile device will be remotely erased. 17) New Operating System (OS) updates must not be installed until approved by IT. 18) Security updates must be applied immediately when asked to do so by IT.

Cyber Security Policy Manual

32