{"id":21680,"date":"2021-11-03T16:21:21","date_gmt":"2021-11-03T20:21:21","guid":{"rendered":"http:\/\/www.montclair.edu\/information-technology\/?page_id=21680"},"modified":"2022-08-10T10:38:53","modified_gmt":"2022-08-10T14:38:53","slug":"security-guidance-for-flexible-working","status":"publish","type":"page","link":"https:\/\/www.montclair.edu\/information-technology\/security-guidance-for-flexible-working\/","title":{"rendered":"Security Guidance for Flexible Working"},"content":{"rendered":"

Security Guidance for Flexible Working<\/span><\/h1>\n

As the University transitions to a hybrid work model of both on-campus and remote work, it is important to minimize any risk to University and personal information. This document recaps and consolidates guidance and tips for safe computing, generally extracted from our established MSU computing policies.<\/span><\/p>\n

Client Workstation Use<\/span><\/h2>\n

When should I use University-issued versus personal workstations?<\/span><\/h3>\n

We strongly recommend that employees who have a desktop or laptop issued and managed by the University\u00a0should\u00a0use that machine for all business and education-related activities, whether working remotely or while on campus. These machines are centrally managed by IT and\/or your college\u2019s local technology team and are configured with additional security settings that may not be present on a personally owned or personally configured machine. \u00a0Employees should avoid sharing their University-issued computer with family members or using it for non-work related activities like casual web browsing, streaming entertainment, online shopping, etc. as those activities can increase the risk of exposure to malware.<\/p>\n

Employees\u00a0must<\/span>\u00a0<\/strong>report the misplacement, theft, or loss of a University-issued device (or any device that has been used to store University related information) to their local police station (or University campus police if the loss occurs on campus),\u00a0their direct supervisor, and the IT Service Desk (or your college\u2019s local technology team) as soon as possible. Please also provide the issued police report when you receive it.<\/span><\/p>\n

We also strongly recommend that use\u00a0of\u00a0personally acquired\/managed computing devices (including personally managed computers acquired with University grant or startup funds) and public machines (such as a shared library workstation) for work-related duties be limited\u00a0to:<\/span><\/p>\n

a. Accessing your University email account<\/span><\/p>\n

b. Browsing the public web\/internet<\/span><\/p>\n

c. Accessing campus applications (NEST, Banner, etc.) and approved Cloud services
\n(Google Calendar, Google Drive, Canvas, Workday, Zoom, etc.) with your NetID<\/span><\/p>\n

d. Developing educational materials or performing research that do not involve sensitive
\nUniversity data<\/span><\/p>\n

You are accountable for following the guidelines below whether using University-managed or personal computing devices for work-related purposes.<\/span><\/p>\n

Client Security Tips<\/span><\/h2>\n

Workstations\u00a0<\/span>\u00a0(e.g.\u00a0<\/span>laptops<\/span>\u00a0and desktops)<\/span><\/h3>\n
    \n
  1. When\u00a0using any computer, whether\u00a0managed by the University or by yourself<\/span>:<\/span><\/li>\n<\/ol>\n

    a. To minimize risk of data loss or compromise due to hardware failures or security exposures, avoid retaining data\u00a0on the device\u2019s internal storage (C: drive). Instead, store University data on the MSUFiles file server or Google Drive. If you have temporarily copied files from a central storage location (e.g. MSUFiles), please delete them from the device\u2019s internal storage when you are finished working with them.<\/span><\/p>\n

    b. Log out of the client device when not actively using it.<\/span><\/p>\n

    c. Explicitly\u00a0put a laptop into sleep\/shutdown mode when not actively being used (that is, do not just close the laptop cover) to ensure full Windows Bitlocker or MacOS FileVault encryption protection.<\/span><\/p>\n

    d. Do not leave a running laptop unattended outside of private and secure work spaces.<\/span><\/p>\n

    e. Perform a full reboot of the client device at least once every few days to ensure that security, operating system and other application updates are applied regularly.<\/span><\/p>\n

      \n
    1. When using\u00a0University-managed computers<\/span>:<\/span><\/li>\n<\/ol>\n

      a. Apply all updates when prompted by the system as they are distributed via the University\u2019s device management system.<\/span><\/p>\n

      b. If granted a local administrative access exception, do not install non-work related applications, plug-ins, or other software.<\/p>\n

        \n
      1. If using a\u00a0personal (non-University-managed) computer<\/span>\u00a0for work-related needs:<\/span><\/li>\n<\/ol>\n

        a. Make sure your computer is kept up-to-date with all operating system and software patches, applied weekly or more frequently.<\/span><\/p>\n

        b. Do not access sensitive data using personal computers that cannot be updated with the latest patches and\/or are not\u00a0running the latest supported operating system.<\/span><\/p>\n

        c. Always use antivirus software and check that it is running and actively updating. If you do not have anti-virus software, you can download Sophos Antivirus by logging into the MSU Software Repositor<\/a><\/span>y<\/a><\/span>.<\/span><\/p>\n

        d. Do not store any sensitive University data on your device. \u00a0Instead access it through Google Drive and\/or MSUFiles<\/a><\/span>\u00a0(including Shared O: and N: Drives).\u00a0<\/span><\/p>\n

        e. Do not<\/span>\u00a0use your NetID password as the login to\u00a0your personal computer\u00a0<\/span>or for any other personal online account logins. This can help to protect your NetID account if your personal computer is compromised by malware or other security issues.<\/span><\/p>\n

        Mobile devices (e.g. smartphones, tablets)<\/span><\/h2>\n

        Whether using a University-issued or personal phone\/tablet, for the protection of University data as well as your own data (i.e. contact lists, calendars, photos, texts, etc.), enable screen-lock on the device using either a PIN or biometric (face or fingerprint recognition) feature. \u00a0Also, regularly update the device to the latest version of the operating system to ensure patching of any known security vulnerabilities.<\/span><\/p>\n

        Avoid\u00a0accessing\u00a0sensitive data from mobile devices and\/or tablets that have not been updated to the latest operating system.<\/span><\/p>\n

        Data handling<\/span><\/h2>\n

        If there is a need to share files that contain sensitive information with other MSU employees, do not use unencrypted email. Instead use the MSU File Hawk<\/span><\/strong>\u00a0secure document distribution system found at:<\/span><\/p>\n

        \u00a0https:\/\/msufilehawk.montclair.edu<\/a><\/span>\u00a0<\/span><\/p>\n

        An overview of how to send sensitive information can be found on the MSU File Hawk<\/a> website.<\/p>\n

        Alternatively, you may securely email sensitive information by moving it to an encrypted attachment, e.g. using Microsoft Office documents or Adobe Acrobat encryption capabilities, and then communicating the password by any other means or at least by separate email. \u00a0An overview of this process can be found in our How to Password Protect and Encrypt a File<\/a> document.<\/p>\n

        Always store sensitive information on\u00a0on the MSU-managed central file server known as MSUFiles (including Shared O: and N: drives)<\/span>\u00a0or on an approved cloud service like MSU\u2019s Google Workspace (i.e. Google Drive) when appropriate. Google Drive may be used to store most work-related documents with the exception of highly sensitive information classified as \u201cPrivate\u201d, such as social security numbers or health information (refer to the\u00a0Data Classification and Use Policy for full list). \u00a0\u201cPrivate\u201d information should be stored on MSUFiles.<\/p>\n

        Remote network access<\/span><\/h2>\n
          \n
        1. Be very cautious when connecting to wireless networks off-campus in public spaces such as restaurants, airports, etc. These public wireless networks are often not using a\u00a0secure connection\u00a0(i.e. encryption) between your device and the wireless access point. This means it is possible for information traveling between your device and the access point to be intercepted and viewed.<\/span><\/li>\n
        2. Be sure that you have set a password on your\u00a0home wireless network, which will prevent unwanted access to your home or apartment \u00a0WiFi network by neighbors or anyone within range of your wireless router\u2019s signal.<\/span><\/li>\n<\/ol>\n

          VPN: Remote access to applications restricted to on-campus access<\/span><\/h2>\n

          To access an application remotely that is restricted to only on-campus use (such as MSUFiles, Call Center soft phones, some Banner\/NEST functions, and reporting tools like COGNOS and Tableau), you must first connect to the campus network through the VPN service. You can connect to the campus VPN \u00a0by launching the \u201cCisco AnyConnect\u201d VPN application on your university-managed device and logging in with your NetID and password.\u00a0You will also need to use DUO multi-factor authentication when logging into the VPN by typing the word \u201cpush\u201d into the 2nd password field of the AnyConnect client application.\u00a0 See the following VPN user guide for more information:<\/span><\/p>\n

          https:\/\/www.montclair.edu\/information-technology\/campus-vpn-remote-access-guide\/<\/a><\/span><\/p>\n

          If you need to have the VPN client software installed on your personal computer, please refer to the section in the guide on \u201cConnecting to the VPN with Cisco AnyConnect\u201d and select your operating system.<\/span><\/p>\n

          Protect yourself against phishing<\/span><\/h2>\n
            \n
          1. \n
              \n
            1. When reading emails, be extra vigilant in regards to possible phishing scam messages.<\/span><\/li>\n
            2. Do not click links or download files attached to an email that you are not expecting or from someone you do not recognize. Attempt to contact the sender directly first if you are unsure.<\/span><\/li>\n
            3. Move your cursor over a URL\/link and check that the resulting link displayed (usually in the bottom bar of your browser or email client) does not appear suspicious.<\/span><\/li>\n
            4. Continue to be aware of \u201csocial engineering\u201d attacks such as someone posing as a colleague or manager and asking you (often with a sense of urgency) to provide information or perform uncommon tasks (e.g. \u201cPlease purchase four gift cards and send them to this address.\u201d)<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

              Where can I find more information about the University\u2019s information security policies?<\/span><\/h2>\n

              All current policies related to information security, the handling of sensitive data, and general usage guidelines can be found on the University\u2019s policy web page at:<\/span><\/p>\n

              https:\/\/www.montclair.edu\/policies\/category\/technology\/<\/a><\/span><\/p>\n

              The three policies at the above link that are most relevant to flexible or remote working are:<\/span><\/p>\n

                \n
              1. \n
                  \n
                1. Responsible Use of Computing Policy<\/span><\/li>\n
                2. Data Classification and Use Policy<\/span><\/li>\n
                3. Google Drive Usage Guidelines<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

                  Security Guidance for Flexible Working As the University transitions to a hybrid work model of both on-campus and remote work, it is important to minimize any risk to University and personal information. This document recaps and consolidates guidance and tips for safe computing, generally extracted from our established MSU computing policies. Client Workstation Use When […]<\/p>\n","protected":false},"author":127,"featured_media":13581,"parent":0,"menu_order":63,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-21680","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/pages\/21680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/users\/127"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/comments?post=21680"}],"version-history":[{"count":8,"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/pages\/21680\/revisions"}],"predecessor-version":[{"id":22845,"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/pages\/21680\/revisions\/22845"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/media\/13581"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/information-technology\/wp-json\/wp\/v2\/media?parent=21680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}