Internet and e-mail  

The Internet is a very large, publicly accessible network that has millions of connected users and organizations worldwide. For the purpose of this policy e-mail shall be considered any email address that is attained through a user’s affiliation with UNC-CH. Access to the Internet and UNC-CH e-mail is provided by UNC-CH, and indirectly by the SOP to the majority of computer users in the SOP.  

The Internet and e-mail are replete with risks and inappropriate material. To ensure that all SOP members are responsible and productive Internet/Email users and to protect the SOP’s interests, the following guidelines have been established for using the Internet and e-mail.

- Acceptable use

Usage of the internet and email should be limited to work related business only. Anyone using a computer in the SOP regardless of affiliation must adhere to the UNC-CH Data Network Acceptable Use Policy.  Email transmissions are done in text form and easily read, do not send confidential/personal information via email.  Computers users are also responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. Managers and Supervisors are responsible for enforcing the policy for all personnel; including non traditional personnel (temps, vendors etc.) that are employed or contracted by their departments.  

- Email viruses, malware , spyware and Identity theft 

Email clients supported by ITSOP are: Thunderbird, Webmail, and Mulberry. It would be nearly impossible to
support all available email clients.  ITSOP will advise  on configuration on other email clients, but will not be able to offer support after initial set up.

To avoid identity theft, never give out personal information when asked to via email, most companies will never ask you for this information via email.  If you feel that the request is legitimate you should call the company directly to verify 

Review UNC’s ONYEN policy (campus/email username)

Review UNC’s policy on the privacy of electronic information

- Instant Messaging Programs 

Instant messaging (IM) is a tool like e-mail that allows a form of text-based communication from one person or persons to another. It operates on a real-time basis, meaning that as long as the required parties are connected to an IM server, each party is able to see the connection status of the other and communicate with them almost instantly. Like a phone conversation, IM allows users to “chat” back and forth in real-time.

ITSOP supports IM use for job-related activities.

ITSOP supports the installation and usage MSN Messenger as the approved IM client.

All policies and guidelines pertaining to email content also apply to IM, including, but not exclusive to, policies regarding solicitation, obscenity, harassment, pornography, sensitive information, and malware.

Usernames should be appropriate for a professional environment 

IM Security

Instant Messaging, like any other type of software that utilizes network connectivity, has the potential for security-related issues. Most IM traffic is sent in clear text, which is not encrypted.

The following statements apply to IM security:

To maintain security of SOP network usernames and passwords, IM users must choose an IM username/password combination that differs from their login ID and password for the SOP network.

Sensitive data such as usernames, passwords, Social Security Numbers, and account numbers that are passed via IM could possibly be read by parties other than the intended recipient(s). Clear text traffic also makes IM vulnerable to man-in-the-middle attacks, where a malicious third party intercepts and possibly manipulates IM traffic. Transferring sensitive data over IM is prohibited.

Many IM clients provide for peer-to-peer file sharing, which may include functionality that allows other IM users to view and download files from the host computer. Peer-to-peer file sharing is not allowed through the SOP network. SOP employees are to disable file-sharing features that allow other IM users to obtain information about files or directories stored on the employee’s computer, i.e. IM clients should not function as peer-to-peer file-sharing servers.

Many IM clients provide for person-to-person file transfers. This is, in nature, similar to sending an e-mail attachment. All policies and guidelines pertaining to email attachments also apply to file transfer via IM.

IM can make a user's computer vulnerable to denial of service (DoS) attacks. A DoS attack is where one or more remote computers attempt to disable a computer by flooding it with network traffic. IM users should configure their IM clients in such a way that they do not receive messages from unauthorized users (often phrased like, “Only accept incoming messages from users on my Buddy List”).