Exhibit 1 – End User Guidelines

Eligibility shall be determined by senior management based on position level or job necessity. The IT department will maintain a list of approved users to be reviewed with senior management annually.

Approved Devices
Only CU owned equipment on approved platforms shall be used when connecting to CU data services and for purposes of e-mail, file access, calendaring, messaging, etc. The IT department will maintain a list of approved platforms to be reviewed annually. Other approved devices may be utilized for voice
communication only.

All approved devices shall be subject to the following usage policies:

• Lost or Stolen Devices – Lost or stolen devices are to be reported immediately to senior management and to the IT department.

• Personal Use – Employees may use the device for personal communications subject to all other provisions within this policy including the section titled: No Expectation of Privacy

• Encryption – All data “in flight” and “at rest” shall be encrypted at the “strongest” level permitted on the approved platforms. The credit union will require all devices to employ full encryption

• Required Apps – The credit union will require specific applications in order to comply with usage policies, protect the equipment (i.e. security suites) or enable document formats on the device. Required apps will be distributed via a central management system. Specific app configurations may be defined and published. It will be the user’s responsibility to set and ensure configurations as defined.

• Encryption – All data “in flight” and “at rest” shall be encrypted at the “strongest” level permitted on the approved platforms. The credit union will require all devices to employ full encryption

• Multimedia Messaging Services – Will be restricted at the discretion of senior management and the CIO.

• SMS-Text-Permitted use is limited to Marketing messages intended for multiple recipients.

• Attachment Size Restrictions – Will be at the discretion of management and CIO.

• Password Requirements – All devices shall be password protected to unlock and use the device. The device shall lock due to inactivity. Passwords shall have a minimum length of six characters and will include at least one alpha and one numeric. These parameters will be set and enforced via a credit union central management system. (Users may enable biometric settings to facilitate use of fingerprints, facial recognition, retina scan, etc.)

• Password Failure – IT will automatically enforce a complete “wipe” of the device deleting all data and programming after a predetermined number of un-successful login attempts. This parameter will be set and enforced via a credit union central management system..

• Device Safeguarding – Devices and data contained shall be subject to all relative safeguarding as outlined in the Information Security Policy. Caution shall be used to protect the visibility of information on the device screen. The device is for use by the assigned employee only. The device shall not be left unattended outside of controlled areas.

• Camera Use – Devices shall not be used to acquire images within the workplace for publication or distribution. Unless otherwise approved by senior management, camera images will be for internal use only.

• Conversation Safeguarding – Conversations relative to CU business or member information shall be subject to all relative safeguarding as outlined in the Information Security Policy.O.

• Download Expenses – Any expense related to an un-authorized download shall be the liability of the user.

• Expense Liabilities – First New York shall be responsible for general expenses related to services supporting the use of handheld devices. Acceptable expense levels shall be evaluated and determined by senior management related to position, and evaluated monthly at the time of billing. Excessive use incurring expense will be evaluated and may prompt specific individual limitations or thresholds to apply. Excessive personal use may result in reimbursement of related expense by the user.

• Use While Driving – Use of the device while driving or operating equipment is forbidden except as allowed by State and local governing laws. Hands free operations only are permitted.

• Device connections – Devices may only be connected to CU equipment. Connections to home or other computer systems are strictly prohibited.

• Tethering – The device can be used as an IP modem only at the discretion of management and IT.

• Ringtones and Alerts – All audible alerts shall be professional and non-offensive.

• Termination – Upon employee termination, the CU will “wipe” the device deleting all data and programming. Connectivity will be terminated. The device will be returned to the user’s immediate supervisor.

• Other policies may apply and be enforced at the discretion of management and IT.

• Specific exceptions may be made to this policy at the discretion of management and IT.

• Penalties – Failure to comply with policies outlined in this section may result in the loss of handheld
privileges. All other penalties within the policy apply.

• All calling numbers applying to First New York devices will become the property of First New York and porting of these numbers outside of the plan will be restricted.

• Location Services must be enabled at all times.

• Specified software clients and configurations defined by the IT department must be installed and maintained at all times. These may include Mobile Device Management, Mobile Security clients etc.

• Hot Spot usage – Mobile device Hot Spot capabilities should be used sparingly and for business use only unless otherwise approved by senior management.

• Data Usage – Mobile devices should be connected to Wi-Fi whenever possible in effort to minimize data usage fees from our provider. Users should use mobile data sparingly.

Internet Access and Use:

Disclaimer – The Internet is a worldwide network of computers that contains millions of pages of information. Users are cautioned that many of these pages include inappropriate material. In general, it is difficult to avoid at least some contact with this material while using the Internet. Even innocuous search
requests may lead to sites with highly offensive content. Additionally, having an e-mail address on the Internet may lead to receipt of unsolicited e-mail containing offensive content. Employees accessing the Internet do so at their own risk and the First New York Federal Credit Union is not responsible for material viewed or downloaded by users from the Internet. To minimize these risks, your use of the Internet at the credit unionis governed by the following policy:

Accessing the Internet – To ensure security and avoid the spread of malicious content, employees accessing the Internet through a computer attached to the Credit Union’s network must do so through an approved Internet firewall. Bypassing the Credit Union’s computer network security by accessing the Internet directly by other means is strictly prohibited unless the computer you are using is not connected to the Credit Union’s network.

Internet content filtering – The Credit Union will employ software in effort to filter and control the type of content and sites visited by users. This software may also be utilized to track and monitor individual user activity. The content and site types currently filtered are subject to change at the Credit Union’s discretion without notice. The IT Manager is responsible for updating the content and site types.

Users will additionally abide by the following Guidelines:
GUIDELINE 1: First New York FCU employees should use the Internet when appropriate, to accomplish job responsibilities more effectively. The Internet provides access to a wide variety of information resources that can aid Credit Union employees in the performance of their jobs.

GUIDELINE 2: Use of the Internet by Credit Union employees is a privilege, not a right. This privilege may be revoked at any time for inappropriate conduct. Credit Union employees have an obligation to use their Internet access in a responsible and informed way, conforming to network etiquette. Use of the
Internet encompasses many different interconnected networks and computer systems. Many of these systems are provided free of charge by universities, public service organizations and commercial companies. Each system has its own rules and limitations, and guests on these systems have an obligation to learn and abide by the rules. Users should identify themselves properly when using any Internet service. They should also be careful as to how they represent themselves; because what they say or do could be interpreted as Credit Union opinion or policy. Users should be aware that their conduct reflects on the reputation of the Credit Union and its employees. Examples of inappropriate conduct include, but are not
limited to:

• Use of the Internet for unlawful activities;

• Use of abusive or objectionable language in either public or private messages;

• Misrepresentation of oneself or the Credit Union; and

• Malicious use of the Internet: including hate mail, harassment or discriminating remarks.

GUIDELINE 3: First New York FCU employees shall respect intellectual property rights (Copyrights, Software licenses, and personal privacy) at all times when obtaining information over the Internet. Illegal or unauthorized downloading, uploading, copying or distribution of copyrighted works is strictly
prohibited. Employees should be aware that such infringements could result in legal liability for themselves and/or the Credit Union.

GUIDELINE 4: First New York FCU employees may use the Internet during working hours for professional activities related to their positions. Supervisors should work with employees to determine the appropriateness of these activities, and to ensure that employees do not use Credit Union equipment and
facilities for private business or financial gain. Examples of professional use include:

• Communicating with fellow members of a committee in a credit union or other professional
organization;

• Connecting to resources that provide information relating to educational opportunities and career
development;

• Participating in and reading electronic mail discussion groups on professional issues or future
credit union trends; and

• Collaborating on articles and other publications.

GUIDELINE 5: First New York FCU will permit Internet use on employees’ personal time after work, during lunchtime or breaks. The Credit Union recognizes that employees who use the Internet on personal time can enhance their knowledge of electronic information resources and sharpen information
technology skills. Internet use provides cost-effective self-training opportunities. By encouraging the exploration of the Internet on personal time, the Credit Union builds a pool of Internet-literate employees who can guide and encourage other employees in using the Internet. Credit Union employees may use the
Internet on personal time at work in accordance with these guidelines. Personal time is defined as time after work. In areas of the Credit Union where employees must share equipment or resources for Internet access, employees using the resources to fulfill job responsibilities have priority over those desiring access for personal use.

GUIDELINE 6: Only those individuals who are responsible for maintaining First New York FCU Internet services are allowed to place information on the Credit Union website. Employees wishing to comment on or suggest information for our website should contact the Marketing department. Any material posted on the Credit Union’s website becomes the property of First New York FCU.

Digital Communication Channel Guidelines

The following guidelines should be observed within any communication channel utilized including: email, chat, or SMS text, video or other. It is expected that the levels professionalism and conduct is consistent with in person conversations.

Only CU systems are authorized for business and member communications. It is strictly prohibited to use any personal device or app/application to communicate.

• Communicating with fellow members of a committee in a credit union or other professional
organization;

• Connecting to resources that provide information relating to educational opportunities and career
development;

• Participating in and reading electronic mail discussion groups on professional issues or future
credit union trends; and

• Collaborating on articles and other publications.

1. Monitor and respond to messages in a timely manner.
2. If a personal message could be perceived as First New York FCU business or opinion, add a disclaimer when not officially representing the Credit Union. An example of a disclaimer would be: “The opinions expressed here are my own and do not necessarily represent those of First New York Federal Credit Union.”
3. Use signature blocks at the bottom of electronic mail messages. Signature blocks should contain the name of the credit union, address, title of individual, email address, phone and fax numbers.
4. Be sensitive to channels that are not secured. Others may be able to read or monitor channels that are not identified as encrypted or secured. Email and SMS Text may best be regarded as a postcard rather than as a sealed letter.
5. Keep stored messages to a minimum. Periodically, delete old or unwanted messages and files because they take up disk storage space.
6. Keep messages short and to the point. Generally limit messages to one subject.
7. Act in a professional and courteous manner. Avoid gossip and remember that statements about others may find their way back to them. Be patient with new users.
8. Be clear and concise. Re-read messages before sending them to be sure that they will not be misunderstood. Read all messages carefully before sending or responding.
9. Be aware of the potential audience in any discussion group and address them accordingly.
10. Do not use sarcasm. Identify intended humor with standard statements (e.g., “only joking”).
11. Give cites and credit for all quotations, references and sources when appropriate.
12. These channels shall not be used to transmit vulgar, profane, insulting or offensive messages such as racial or sexual slurs.
13. No derogatory comments should be written or sent about any member or any employee.
14. Sensitive or confidential information will not be exchanged via un-secured channels with any member, vendor or other party.
15. Users should never open attachments or click links from other than trusted sources.
16. Users should verify attachments with sender if it is not expected or looks suspicious.
17. Discriminatory content is prohibited from all electronic communications. This includes all messages, links or attachments.