Security Top Ten

Information Security Top 'Must Knows'

the City of Bothell Is Required to Maintain Technology Resources and Data in a Manner That Meets Security Requirements as Mandated by of a Number of Governing Agencies

  • The majority of the requirements affect the Information Services division, which is required to implement procedures to meet all governing requirements.
  • The restrictions affecting you as a user are based on these requirements.

Sharing Passwords or Logging Another Person as Yourself Is Prohibited and May Result in Disciplinary Action

  • Sharing passwords with another employee, friend, family member, etc is never ok. Sharing your password with an authorized City of Bothell Information Services staff person for specific account troubleshooting is permitted.
  • Logging another person into a computer or system using your credentials is never ok.
  • Access to any City data resource must be authorized by Information Services and in accordance with City policies. If you know of an individual who needs computer access, contact Information Services or Human Resources for information.
  • All users must have their own unique username and password. Generic or shared accounts are prohibited.

Sharing or Lending Your Key Card to Any Person Is Prohibited and May Result in Disciplinary Action

  • Do not lend out your keys or key card.
  • Do not let a person in the building or secured area without an escort unless you personally know who they are and are sure that they are authorized to be in that area.
  • Do not leave unauthorized persons in ‘non-public’ areas unattended. All visitors are required to be escorted at all times while outside public areas.

General Password Requirements

  • Using passwords for City systems that you also use for personal accounts or systems is prohibited.
  • Writing your password down and storing it in your work area is prohibited.
  • Storing your City login information on a personal phone or personal computer is prohibited.

All technology purchases must be processed and approved by Information Services

  • Purchases of all software, hardware, mobile devices, thumb drives, etc must be coordinated through and approved by Information Services. Refer to Administrative Order 2.4.2, Technology purchasing for more information.

Use of Non-authorized Thumb Drives Is Prohibited

  • All thumb drives require a specific form of encryption (as mandated by governing agencies) and must be purchased through I.S.
  • Unsecured thumb drives provided by vendors, at conferences, trainings, etc are NOT permitted to be connected to any city computer.

If the City Doesn’t Own It, It Cannot Be Connected to the Network or to a City Computer

  • Equipment owned by Vendors, presenters, employees, volunteers, or any other entity other than the City of Bothell are prohibited from connecting to the City network.
  • Personal devices such as thumb drives, cameras, mobile phones, etc are not permitted to be connected to City computers.

Handle Sensitive Data With Care

  • Never fax or email sensitive data.
  • Do not store sensitive data any longer than required under the City of Bothell's document retention policy or applicable laws require. When no longer needed, destroy it.
  • Keep it locked up at all times.
  • Only authorized staff who have been appropriately vetted by the City and trained is permitted to handle cash, credit cards, or any other sensitive data. Contact Human Resources or Information Services for more information.

Don't Install Software On Your Computer

All software purchases and installations must be coordinated through and approved by Information Services per Administrative Order 2.4.2. This includes shareware or freeware.

Do Not Leave Visitors or Vendors Unattended in Non-public Access Areas

  • It is strictly prohibited to let visitors or guests use City computers.
  • All visitors must sign in and sign out.
  • All visitors must be escorted when not in public access areas.
  • No unauthorized persons may be left unattended near any City computers or file storage. This includes any person, including vendors, who are not properly vetted through HR and IS
  • Report non escorted visitors. Always notify your supervisor and I.S. of non escorted visitors in limited access areas.

Be Cautious When Using the Internet

  • Don't provide personal or sensitive information to Internet sites, surveys or forms unless you are using a trusted, secure web page.
  • Be aware of where you are going before clicking on a web link. When in doubt, do not attempt to access the link from a City computer.
  • If you suspect your computer has been infected with malware/virus, shut it down and contact I.S. immediately.

Email Use

  • Viruses and malware are easily spread through email. Never open attachments unless 1) you are expecting it and 2) you know who sent it.
  • Using your City email account for personal business or personal use is prohibited.
  • Email is retained for public disclosure even after deleted by individual users.
  • Do not send attachments to ‘All’.
  • Do not send emails to ‘All’ unless city related and timely.
  • Delete spam and suspicious emails. Don't open, forward or reply to them.
  • If you suspect your computer has been infected with malware/virus, shut it down and contact I.S. immediately.

Dispose of all Media Appropriately

Dispose of CDs, DVDs, thumb drives and external hard drives in an approved media destruction bin. Most City locations have such a bin. If you site does not, you can find one at City Hall.

Secure Your Area Before Leaving it Unattended

  • Lock or shut down your workstation.
  • Lock windows and doors.
  • Be sure to lock up portable equipment and sensitive material before you leave your work area (take keys out of drawers).