Securing Remote Work
In accordance with Policy 40.063 Flexible Work Schedule, Flexible Hours, and Flexplace for Administrators, Flexible Work Schedule, working remote requires several safeguards to help protect University information. The Information Security Office has made a three-part checklist below to help ensure your remote work activities are secure. Part one explains how to secure your computer, part two explains how to secure your OHIO account, and part three explains how to secure University data.
1. Securing your computer
If you have a University-provided laptop, this should be used for remote work. If you do not have a University-provided laptop, you may use your personal computer. However, University information is not permitted to be stored on your personal computer.
Whether you are using a University or personal laptop, ensure your computer meets the following requirements:
- Anti-virus software is installed and up-to-date.
- Hard-Drive Encryption is enabled.
- The operating system and other software (such as Office 365) is up-to-date.
- You are not logged into your computer as an administrator.
- Be sure to set a password for logging in, and lock your device when you step away.
- Your documents and files are frequently backed up. Using OneDrive for Business is recommended for automatic backup and storage of files.
- Though only necessary for a few IT services, set up Campus VPN on your computer before you need it. Most people will only need the Campus VPN to access their Home and Shared Network Storage folders. Only connect to Campus VPN when a service requires it.
- Be wary of emails from people you don't know, or email addresses you don't recognize. Learn how to identify malicious email.
2. Securing your OHIO account
Many employees have access to private University information and resources with their OHIO account. Keep your account safe by:
- Ensuring that you are the only one able to use your OHIO account, in accordance with the University Credentials Policy and our guidance on creating strong passwords.
- Enroll in Multi-Factor Authentication to add another layer of protection to your account - and the information you have access to.
- Ensure that under Account Information, you select enable Multi-Factor Authentication for all eligible services.
- If you only have your office phone registered in your account for Multi-Factor Authentication, you will need to add another device you have at home (like your smartphone) to make sure you can sign in to all University services. Learn about available options for enrolling in Multi-Factor Authentication.
- Don't sign into University services on public computers or public/unsecured networks.
3. Securing University data
Treat sensitive data with extra care when working remotely. Be aware of how you access and edit documents and files that may contain sensitive data. Do not sync or download University data to personally owned devices. If you're not sure if the information you work with is sensitive, refer to our Data Classification Table for guidance.
- For those working with sensitive data (HIPAA, FERPA, etc), the OHIO Virtual Desktop environment is the most secure way to do your work.
- For less sensitive information, consider using the browser-based versions of Word, Excel, PowerPoint, etc. that are a part of OneDrive for Business.
- OneDrive can be accessed anywhere and allows you to collaborate on documents and files with multiple people simultaneously.
- Enroll in Online IT Security Training to learn how to protect data and University resources.
- Request enrollment by emailing email@example.com with the names and email addresses of individuals to be enrolled.
- Secure paper records to prevent unauthorized access.
- If storing data on removable media (like a jump drive) is unavoidable, password protect the files saved to it, and encrypt the device in accordance with the Acceptable Encryption Standard.
- Encrypt files with sensitive data. Learn how to encrypt files on a variety of different applications.
- Units with sensitive data that need to collaborate via Teams or OneDrive should follow the respective guidance for handling sensitive data within these services.
Even if you're working remotely, OIT is here to support you. If you need help, contact the IT Service Desk for assistance.
If you are unable to meet the security requirements listed above for remote work, talk with your supervisor for guidance before working remotely. Remember, you are responsible for following University policies, good security practices, and ensuring the security of University information. Not adhering to these requirements puts you and the University at risk, and may result in a compromise of University information.