Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Best Practices
Proper use of your county computer is one of the most important ways of protecting information from corruption or loss. 1. Log off or lock your computer when you are away from your PC. In most cases hitting the Control-Alt-Delete keys and then selecting Lock Computer will keep others out. You will need your password to sign back in, but doing this several times a day will help you to remember your password. 2. Never store data on a local drive, keep your work on a network drive that is backed up nightly 3. Never place sensitive data on a removable jump drive or depend on these drives as a backup. 4. Never tamper with or bypass the virus protection software or the firewalls installed on your equipment. 5. Use Email and Internet only for business purposes
Page 3 Firewalls
All county computers connecting to the Internet have been configured to utilize a firewall. Our firewall protection creates a barrier between your computer and the evil lurking on the Internet. Our firewalls are configured to filter out unauthorized or offensive information and prevent intruders from scanning and retrieving personal or sensitive information from your computer. Never disable, modify or bypass Internet protocols or firewall systems found on your computer, networks or other county systems. All new requests for Internet services or connections for Internet use must be directed through Information Systems so that the proper firewall is employed and maintained.
Never bypass or disable these protective systems Never download email from an outside email service, Gmail, Yahoo etc. on a county computer Report any failure or absence of your virus protection to Information Systems immediately
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 4
Computer viruses are programs that spread or self-replicate. They usually require interaction from someone to be activated. The virus may arrive in an email message as an attachment or be activated by simply opening a message or visiting a malicious web site. Some viruses consume storage space or simply cause unusual screen displays. There are those who will commandeer your email account and send thousands of emails, clogging the network with traffic and freezing up the county email server. Others simply destroy information. If a virus infects your PC, all the information on your hard drive may be lost and/or compromised. Also, a virus in your PC may easily spread to other machines that share the information you access. Viruses can exhibit many different symptoms. If your computer behaves erratically, employees are advised to contact their Systems Administrator at 970-725-3041. 1. Never use a county computer that you suspect may not have properly functioning virus protection or is behaving erratically. 2. Never install software on a county computer or start an installation process from a file. 3. Information Systems installs all software and stores the source disks for all programs used on your computer. 4. Do not load free software from the Internet on to your county computer. 5. You must be very careful and sure of the attachment files found in emails, files with extensions such as: .bat, .cmd, .exe, .pif, .scr, can be very dangerous. Never open attachments from anyone you don't know or attachments with these extensions 6. Report any messages generated from your virus protection software regarding infections or quarantined files to the Systems Administrator at (970) 725-3041.
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 5
Spyware and related adware, are software downloaded from a web page through your Internet browser, or by following a link in an email or are installed with freeware or shareware software such as Web Shots or toolbar icons i.e. American flags. Spyware is used to track your Internet activity, redirect your browser to certain web sites or monitor sites you visit. Spyware may also record your passwords and personal information to send to a malicious web site. 1. NEVER load software on a County computer 2. Do not respond to any dialogue boxes that appear unexpectedly; click on X. Clicking on No or Cancel sometimes installs spyware. 4. Beware of visiting web pages which are un-trusted. Use Internet only for business purposes. 5. All County computers must use our Internet content filter to detour Spyware attacks and infections. 6. Leave your Internet Explorer security level set at its default of Medium-high, in most cases leave the popup blocker on unless needed for legitimate reasons. Hoaxes are email messages that resemble chain letters, offer free money, or contain dire warnings and offers that seem to be too good to be true. If you receive a hoax via email, delete it. Sharing hoaxes slows down mail servers and may be a cover for a hidden virus or worm. Social Engineering is an approach to gain access to information through misrepresentation. It is the conscious manipulation of people to obtain information without their realizing that a security breach is occurring. It may take the form of impersonation via telephone or in person and through email. Some emails entice the recipient into opening an attachment that activates a virus. 1. Be very wary of anyone offering you computer or program support that you did not initiate.
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 6
2. Employees should transfer any suspicious calls to the Systems Administrator ext. 141 / 970-725-3041. 3. Bottom line is do not give your password to anyone. Do not participate in phone surveys that ask you questions about your computer or the programs you use. Direct these callers to your Systems Administrator.
Phishing is a scam in which an email message directs the email recipient to click on a link that takes them to a web site where they are prompted for personal information such as a pin number, social security number, bank account number or credit card number. Both the link and web site may closely resemble an authentic web site however, they are not legitimate. If the phishing scam is successful, personal accounts may be accessed. If you receive one of these emails:
2. Delete the email message. 3. Do not provide any personal information in response to any
email if you are not the initiator of the request.
Links to submit technical support tickets Links to access the county webmail service Information on safe computing practices for children HR forms and information
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Laptops, PDAs and Cell Phones are more easily stolen or misplaced because of their size. Remember, if your laptop is gone, your data is too. Small computer devices carry information that must be protected. Electronic information is now accessible via a variety of means. A person can even download desktop data using the Internet to a cell phone. While convenient to use, some good practices will help protect your information. 1. Use a password to lock your phone if it is used to download email. 2. Report the loss of a phone or a computer to the System Administrator so that the device can be blocked from our network. Smart Phones can be remotely scrubbed if needed. 3. Always allow IS to configure your wireless equipment so that safe guidelines are followed. 4. You will be charged for any non-county business conducted on your mobile phone or air cards.
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 8
Remote Access allows users to access data from outside locations using Internet, or cellular/wireless access on the Internet. Because this form of access is designed for off-site use that may extend after normal business hours, extra measures are required to prevent unauthorized access.
1. All remote access (VPN) to or through County resources must be pre-approved by the County Manager and configured by the Systems Administrator
4. Occasionally software support will need to make a connection to your computer to work through an issue. Please notify IS in advance if you are going to need this level of support so that the firewall can be adjusted so as not to block the connection.
Video Conferencing and Go to Meeting... Grand County owns Video conferencing equipment, and with 24 hours prior notice can provide you with access to the equipment. Employees needing to use special WebEx or other meeting software access should contact the IS Department with a request to test at least a day before the event to verify that the firewall will support your session. Door Codes and key fobs These codes and devices are to be treated exactly as passwords described earlier. Report lost or stolen fobs and contact IS if your door code is compromised. Never store a door code on a mobile phone.
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 9
Help Your County IS Department will always be your first line of support for all hardware and software issues. Any questions regarding your PC, software, phones, printers, scanners or any other networked equipment should be directed to the IS Help Desk. For non emergency support submit a trouble ticket by logging onto www2.co.grand.co.us/kayako/ You will need to register the first time you use this service. If you are experiencing an urgent incident you may call the help desk directly at 725-3108, 531-6815 or courthouse ext. 108. Any County employee desiring to add hardware or software to their PC system must contact IS. You may not under any circumstance connect equipment to the Counties network without the approval of the Director of IS. Only Department Heads can direct IS to authorize access to Information resources for employees. This request must be submitted using the IS employee routing form. County owned equipment can never be used to benefit a political candidate or political organization in any way. This includes your email account, cell phone, office phone, computers or other office equipment or supplies. Per county policy, Internet is to be used for professional purposes only. If you need to use Internet for a personal matter, you may use the computer in the lunch room or the internal wireless Internet (on your own equipment) in the Administration Building. Contact IS for the passwords. Grand County uses a content filter to block access to inappropriate websites. The process uses an algorithm to score each site you visit and looks to prevent sexual, violent, racists, and vulgar content. Websites that require and use a large amount of bandwidth like streaming music and video are also blocked so that people using the Internet with a business need have priority on the system. Occasionally a legitimate site will become blocked and can be made accessible by calling or Emailing the Systems Administrator at 970-725-3041
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 10 HIPAA Health Insurance Portability and Accountability Act (HIPAA) of 1996, applies to any county office that maintains, reviews or creates electronic health information records The Security component of HIPAA includes the following guidelines: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software that have been granted access rights. Making health information accessible to health care providers and those responsible for operations and billing while preserving the privacy of the patient is the mandate. Health care administrators and providers must use complex password policies that require periodic changes All computers used to store health information must be located in a secure building with physical access controls such as logging door access locks. Never store Health Information on a local drive or portable device, this includes PDAs, telephones and jump drives. All county laptops must use data encryption software Any unintentional disclosure of protected health information must be immediately reported to the County HIPAA Officer, Lurline Underbrink Curran All computers, recording media and records systems storing protected health information must be disposed of properly by first destroying the device or media. The device or equipment cannot be thrown away or transferred unless the storage device or media is unreadable and unrepairable.
Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html
Page 11 Email There is a size limit to email attachments. Do not attempt to send attachments larger than what the mail program can handle. Because technology is constantly changing, the size limitation is also changing. Contact IS to learn what the current limit is. The system will reject attachments larger than the current size limitation. (10 Mb) If files greater than the current size limitation need to be transferred through email, contact IS for instructions on available alternatives. It is strongly recommended that the Employee and Department email aliases be used only for business related messages that are specifically intended for all employees. Be careful addressing emails, don't make the mistake of sending everyone a message intended only for a few! Acknowledgement:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a collaborative effort for State and Local Governments in strong partnership with the US Department of Homeland Security.
Grand County Information Systems www.co.grand.co.us 970-725-3042 @2005 Multi-State Information Sharing & Analysis Center (MSISAC) Copies and reproductions of this content, in whole or in part, may only be distributed, reproduced or transmitted for educational and non-commercial purposes. Published by: The Multi-State Information Sharing and Analysis Center (MS-ISAC) http://www.cscic.state.ny.us/msisac/index.html