Public Records Reminder: Recognize that if you are communicating about public business over non-enterprise tools, then you are likely creating a public record and you (as the sender/receiver of the record) need to determine how you will keep the record according to the North Carolina Local Government Records Retention requirements.

1. All City of Albemarle employees must complete a teleworking agreement before beginning to work from home. This will notify our IS department that you intend to participate in this opportunity. IS protocols are in place to assist you with securing your environment and data access/transfer/storage.
2. When you are working from home on your home network (on work or personal devices), ensure that your home router is properly secured.
   1. First, make sure you change the factory-preset password. Many people do not do this, and it leaves their home networks vulnerable.
   2. Ensure firmware updates are installed to patch any security vulnerabilities.
   3. Set your router’s encryption to WPA2 or WPA3. WEP is not sufficient.
   4. Use this guide for more advanced practices, like restricting inbound and outbound traffic
3. Avoid public WiFi if possible as these are not secure networks. Never use public WiFi if you access City of Albemarle documents that are “local” on your device – a copy of the document is on your device… You CAN use public WiFi if the only target you are accessing is to open the City’s App Store environment. Our App Store environment does create a secure/encrypted connection to City of Albemarle documents and resources from your device (computer/tablet/smartphone). Reminder: never copy documents from your local device to the App Store session.
4. CRITICAL: watch out for phishing emails, voicemails, text messages, and even fake "Social Media" Corona virus maps. As people transition to teleworking, we are seeing a huge spike in social media attacks. If you receive a message that purports to be from a known associate, double check the email address, NEVER open attachments or click on links until you have confirmed that the sender is legitimate. If there is any doubt about an email message confirm with the sender before replying to an email message, clicking on any links in the email message, or opening any attachments to the message.
5. Best practice: ensure firewalls are set active on your personal device. Your device’s operating system should have a built-in firewall, but there are other options to add more protection on your personal devices if needed. Information Systems Department will have handled the firewall setup for work devices.
6. Best practice: always use up-to-date antivirus software on your personal devices. In the case of work-provided devices, this software will already be installed and running.
7. Best practice: ensure that operating system and anti-virus updates are being installed regularly. Patches for security vulnerabilities are essential for both work and personal devices. It is easiest to set these updates to run automatically during non-waking hours.
8. Always use strong passwords for your accounts and change them regularly. Best practice: a strong password should be 12 or more characters with a mix of numbers and special characters, and uses no “dictionary” words.