My Plumber IT Policy

No one shall permit personally identifiable information (PII)**** such as social security number and or birth date, HIPAA, medial information, drug testing results, credit card numbers, account numbers, or passwords to be transmitted, published or shared inappropriately. All sensitive confidential information shall be securely stored by means of password protection or data encryption. All confidential information transmitted via email or by other electronic means shall only be done with encryption, as follows:

(a) The password for such encryption shall not be included with or communicated in the same manner as the password protected encrypted document. Example, if emailing an encrypted document, the password shall be communicated by other means, such as an SMS/text message, or by phone call to the other person(s) needing the encryption key or password.

(b) All passwords shall be strong passwords as defined at: Tips for creating a strong password.

(c) Email encrypted using a third party service such as Virtru, GNU Privacy Guard, Zixcorp, or Symantec meets the requirements for encryption. Specifically, any product or service listing “HIPAA compliant” is sufficient protection. My Plumber uses Virtru.

(d) Passwords used for encryption and account access should be unique. Most unapproved account access (“hacking”) is through either software vulnerabilities or poor passwords. Users are encouraged to use password managers to make good practice easy. I personally use BitWarden password manager, which also includes an Authenticator App, but I prefer LastPass for an Authenticator App, because it is easy to search, add, backup and copy to another device, but not as a password manger, if you only need to use an Authenticator App on a few website, the popular Google Authenticator App is a good choice.

(e) Documents and files stored in the Documents folder on the company servers are password protected, only authenticated users have access to them while stored on the company servers.

How To Use Encryption

There are several ways you can create an encrypted password protected document, Microsoft Office 2007 and later supports encryption, as does WinZip, and Adobe Acrobat. There are also free web browser plug-ins and extensions available. The best free ways for you to get a document to someone securely:

(a) Upload the file(s) to https://drive.google.com then share the folder/file with that person(s) using their email address. *

(b) Microsoft Office Word and Excel Encryption **

(c) Users of Adobe Acrobat, like Joe, can use Acrobat to encrypt PDF's. Note only the file attachment is encrypted, the body of the email is not. **

(d) The easiest way to send an encrypted email it so use Virtru Email Encryption with Google Chrome and Gmail. ***

(e) LastPass is a recommended password manager.

* ( The file itself is not encrypted, but Google transmits the file securely over SSL to and from the sender and/or recipient. The files stored on Googles servers are encrypted. See Google Security.

** (Only the file attachment is encrypted, the body of the email is not.)

*** (Both the file attachments, and body of the email are encrypted.)

Internal Office Documents

Documents for internal office use should not be emailed to or from an @MyPlumber.com email address. These documents should be shared with users in the office by way of the appropriate and applicable My Document folder on the users computer. There would only be a need to email such documents if the user does not have access to a computer in the office. Note only authenticated users have access to them while stored on the company servers. Some folders have restricted access based on each person's access permissions.

Faxes

Since the My Plumber fax system forwards faxes via regular email, receiving faxes shall not be considered secure or private. The only exception to this is one fax number 703-539-0409 shared by Joe and others which is secure, Faxes sent to this fax number are not email, they must to retrieved via a secure SSL website.

When sending a fax, unless you know for sure the recipient is using a stand-alone fax machine, and they are not using a online fax service that emails the fax, then it too must be considered not secure or private.

Security

To prevent unauthorized access to your computer and company data.

(a) All online accounts shall use 2-Step Verification (2SV) a.k.a. Multi-Factor Authentication (MFA)

(b) All users when not at their computers shall either lock their computer screens or log off/sign out of the system.

(d) Passwords shall only be stored securely. i.e. Carried on your person, or in a password encrypted protected document. Note that being taped under the keyboard is not considered secure.

Email Security

To help prevent unauthorized access to your Google Workspace account, i.e. Email, Google Docs, etc.

Email and other online accounts must use Turn on 2-Step Verification (2SV) a.k.a. Multi-Factor Authentication (MFA)
- - With 2-Step Verification, or two-factor authentication, you can add an extra layer of security to your account in case your password is stolen.
  - After you set up 2-Step Verification, you can sign in to your account with:
  - Your password and a second step
  - Your passkey

Never open any email attachments unless all of these conditions are met:

You know who who sent it
You know exactly what the attachment is
You are expecting the attachment from a trusted person
You do not acknowledge or bypass any warnings or caution messages

Never click on links in emails, (see above precautions) you must manually enter the URL in the browser address bar yourself, not the search. i.e. you receive an email with a link saying there is a notice, information, action that needs to be performed, do not click on it.

Only visit trusted business related websites, and even then be careful, preferably only visit websites with a trusted SSL.

Do not use your company email address for personal accounts including but not limited to social media accounts such as Facebook, Twitter, LinkedIn, or other types of personal accounts such as online banking, shopping, etc. This will also help reduce the risk of cyberstalking, and the chance of you losing access to your account.

Email Addresses

Your company email address user-name@MyPlumber.com or user-name@Tech.MyPlumber.com are only to be used for My Plumber Plus official business purposes, it is not to be used for personal use. Examples included but are not limited to, Social Media, Banks, 401k plans, ADP, Workforce, Netflix, Ticketing, Travel, Utility companies, primary account on a mobile device, etc. One of several reasons for this is that if you are no longer employed by My Plumber Plus, your email account gets deleted, and you would possibly lose access to your accounts. If you do not know what personal use would be considered, please ask your manager.

Programs, Software, Apps

You shall not download or install any programs, software, or apps, if anything needs to be installed, contact the IT department system administrator.

What are common scams and how do I spot them?

PayPal's website has very good easy to understand information on how to avoid common scams Please review it https://www.paypal.com/us/cshelp/article/Help201

Revisions

As the need may arise from time to time, My Plumber reserves the right to revise, modify, or otherwise alter any part(s) of this IT Policy, or this website in whole or in part. By using this Site, now or in future, you acknowledge and are bound by any and all revisions, in whole or in part, and you should visit this web page to insure your understanding of the then current IT Policy of My Plumber and this Site. While every effort is made to insure the accuracy of the Site and all copy contained herein, My Plumber does not warrant the accuracy, claims, or any other statement on the Site.

Questions?

Contact your department manager or the IT department

Revised July 07, 2025 & October 04, 2022 & May 23, 2016

Page updated

Report abuse

My Plumber IT Policy