Internet and E-mail  

The Internet is a very large, publicly accessible network that has millions of connected users and organizations worldwide. For the purpose of this policy e-mail shall be considered any e-mail address that is attained through a user’s affiliation with UNC-Chapel Hill. Access to the Internet and UNC-Chapel Hill e-mail is provided by UNC-Chapel Hill, and indirectly by the UNC Eshelman School of Pharmacy, to the majority of computer users in the School.  

The Internet and e-mail are replete with risks and inappropriate material. To ensure that all School members are responsible and productive Internet and e-mail users and to protect the School’s interests, the following guidelines have been established for using the Internet and e-mail.

Acceptable Use

Usage of the Internet and e-mail should be limited to work-related business only. Anyone using a computer in the UNC Eshelman School of Pharmacy regardless of affiliation must adhere to the UNC-Chapel Hill Data Network Acceptable Use Policy.  E-mail transmissions are done in text form and easily read; do not send confidential or personal information via e-mail.  Computers users are also responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. Managers and supervisors are responsible for enforcing the policy for all personnel; including nontraditional personnel (temps, vendors etc.) that are employed or contracted by their departments.  

E-mail Viruses, Malware, Spyware, and Identity Theft 

E-mail clients supported by ITSOP are Thunderbird, Webmail, and Mulberry. It would be nearly impossible to support all available e-mail clients. ITSOP will advise  on configuration on other e-mail clients but will not be able to offer support after initial set up.

To avoid identity theft, never give out personal information when asked to via e-mail; most companies will never ask you for this information via e-mail.  If you feel that the request is legitimate, you should call the company directly to verify.

Review UNC’s ONYEN policy (campus/e-mail username)

Review UNC’s policy on the privacy of electronic information

Instant Messaging Programs 

Instant messaging is a tool like e-mail that allows a form of text-based communication from one person or persons to another. It operates on a real-time basis, meaning that as long as the required parties are connected to an IM server, each party is able to see the connection status of the other and communicate with them almost instantly. Like a phone conversation, IM allows users to chat back and forth in real time.

ITSOP supports IM use for job-related activities.

ITSOP supports the installation and usage of MSN Messenger as the approved IM client.

All policies and guidelines pertaining to e-mail content also apply to IM, including but not limited to policies regarding solicitation, obscenity, harassment, pornography, sensitive information, and malware.

Usernames should be appropriate for a professional environment 

IM Security

Instant messaging, like any other type of software that utilizes network connectivity, has the potential for security-related issues. Most IM traffic is sent in clear text, which is not encrypted.

The following statements apply to IM security:

To maintain security of School network usernames and passwords, IM users must choose an IM username/password combination that differs from their login ID and password for the School network.

Sensitive data such as usernames, passwords, Social Security Numbers, and account numbers that are passed via IM could possibly be read by parties other than the intended recipients. Clear text traffic also makes IM vulnerable to man-in-the-middle attacks where a malicious third party intercepts and possibly manipulates IM traffic. Transferring sensitive data over IM is prohibited.

Many IM clients provide for peer-to-peer file sharing, which may include functionality that allows other IM users to view and download files from the host computer. Peer-to-peer file sharing is not allowed through the School network. SOP employees are to disable file-sharing features that allow other IM users to obtain information about files or directories stored on the employee’s computer, i.e. IM clients should not function as peer-to-peer file-sharing servers.

Many IM clients provide for person-to-person file transfers. This is, in nature, similar to sending an e-mail attachment. All policies and guidelines pertaining to e-mail attachments also apply to file transfer via IM.

IM can make a user's computer vulnerable to denial-of-service attacks. A DoS attack is where one or more remote computers attempt to disable a computer by flooding it with network traffic. IM users should configure their IM clients in such a way that they do not receive messages from unauthorized users (often phrased like, “Only accept incoming messages from users on my Buddy List”).