Security Awareness Training: Topic 2

Rules for Mobile Communications and Computing Devices

Various types of portable devices can be used in support of County business. Because they are portable and can be used anywhere, they are at a significantly higher risk of loss, theft, hacking, and the distribution of malicious software. As such, you take on additional responsibility for the security of such devices to protect any stored confidential or sensitive information.

Portable devices are subject to the work site security requirements previously mentioned in Topic 1 (Information Technology Physical Security).

Portable Mass Storage Media

  1. ITS cannot manage the security of portable mass storage media.

  2. Use an encrypted device and obtain your supervisor's approval to transport confidential or sensitive data as defined under Federal and State laws and/or by County Policy.

  3. You accept personal responsibility for properly disposing of or erasing the information stored on media.

  4. Connecting your personally owned media or device to a County device may result in a virus to your device, therefore it is discouraged.

County Owned Mobile Communication Devices

If you are assigned a County owned mobile communications device to conduct County business, you should be aware that:

  1. Except as noted in Topic 12 (Incidental Personal Use of County Information Technology), your device may not be used for personal use.

  2. Personal long distance calls are prohibited, unless placed as part of official travel and in compliance with section 8.2 of the County Travel Policy. This section provides for one call of ten minutes or less to home per day while on travel status.

  3. You are responsible for minimizing the cost of your County issued device.

  4. Utilize assigned landlines as available and appropriate. Most County devices are set up on calling plans with a set amount of minutes or pooled minutes, and typically include long distance, and roaming. Plans typically also include a set amount of free text messages.

  5. Personal calls or text messages that result in additional charges to the County must be reimbursed at the excess minute/message rate.

  6. Note that forwarding incoming calls from a landline to your device will typically generate a per transfer fee. In general, this is not a cost effective practice and it is discouraged

  7. You are responsible for following Oregon Government Standards and Practices Laws when using a County owned device. These laws prohibit any individuals engaged by the County or elected official from using their "official County position" to obtain a financial benefit or avoid financial detriment. For example, exceeding your plan's limit for incidental use will cause the County to incur a charge. If the overage is due to personal use, this is a violation of ethics laws as this is considered a personal benefit or avoidance of financial detriment.

Personally owned Mobile Communication Devices

You can use your personal mobile device to access County emails and calendar:
 
  • For qualified staff, the County has implemented a Stipend Program, for the use of personal mobile devices in part for County business use. This program provides an allowance to cover a portion of the monthly cell/Smartphone bill. 

  • Under the Stipend Program, your device may be registered the County's Mobile Device Management (MDM) system. This system allows the County to wipe County data off of the device in the event that it is lost or stolen. Use of a personal mobile device requires that Users sign a MDM Service Level Agreement (SLA) with ITS.

  • If you do not qualify for the Stipend program, acceptable use of your device for County business must follow the security measures defined by this policy. ITS can only provide limited support to troubleshoot and access issues.

 

 security awareness training home button   cyber security button prev pg  cyber security button next page cyber security button glossary