Working Remotely Securely
Working remotely has become a necessity for modern organizations to recruit the best talent, remain competitive, and increase productivity. For employees, this may provide a better work-life balance and more freedom. All Youngstown State University employees working remotely have a responsibility to:
YSU's Remote Work Administrative Policy establishes guidelines for employees and their managers regarding remote work opportunities. These guidelines not only detail administrative policies to evaluate an employee's performance while working remotely, but also outlines technical regulations to promote cybersecurity and awareness. These technology guidelines are listed in section (D.3.e) for employees to follow.
Of the guidelines listed, the most important requirement to ensure security when working remotely is the exclusive use of university-issued laptops for remote work. Employees should not download any YSU data to non-university devices. Why? University devices are managed by IT staff to receive appropriate software and security updates to protect against harmful viruses, worms, and attacks that could compromise YSU data, devices, and/or networks. This same level of security is not promised when using a non-university device to complete remote work.
YSU's Acceptable Use Policy applies to all users and uses of university-owned technology resources. As mentioned in section (H), security is an effort between campus IT staff and university users. Users should increase their technology security awareness by becoming familiar with common cyber attacks and prevention:
- Phishing is a fraudulent email that aims to steal your personal and financial information. Properly identifying and reporting phishing emails will protect your data and others. For more information on how to identify phishing emails, refer to Phishing: Identify Phishing Attacks and Email Scams.
- Shoulder Surfing is a tactic used by threat agents to glance at your computer, phone, or security access device to gain important security PINs, codes, passwords, and information. Being vigilant of your surroundings and safeguarding important information from the physical view of unknown persons can combat against shoulder surfing.
- Social Engineering is a tactic used by threat agents to gain more information about an individual or organization. Social engineering can take place in-person, online, or over the phone. The outsider will ask seemingly harmless questions to unsuspecting employees and personnel. It is important to verify who you are talking to and their role within or relationship with YSU.
This is not an all-encompassing list of possible cybersecurity attacks. To remain up-to-date on how to combat growing threats, visit the IT Security webpage for best practices and heed all recognized cyber threats reported via email.
Securing devices ensures both the laptop (or other portable device) and the contained data are safe from threat agents. In the event that an employee is working remotely in a public space (airport, coffee shop, etc.), employees face additional security concerns. In conjunction with securing the physical device, users should also protect their data from unsafe networks. Employees working remotely in public spaces should:
- Work with a privacy screen. Privacy screens will protect your screen from threat agents' attempt at shoulder surfing data as you type and complete your work.
- Be vigilant. Vigilance involves being aware of your surroundings and having all of your belongings within an arm's reach of your person to protect from theft. Users should also be aware of their device's settings such as bluetooth configuration and connected wireless networks. For example, bluetooth connections do not require acceptance and serve as a security risk. If your device's bluetooth is on in a public space, any device within range can initiate a bluetooth pairing.
- Avoid connecting to unsecured networks. Unsecured networks may render your device vulnerable to threat agents and viruses. Public networks are convenient and provide users with Wi-Fi while away from home, work, and school. However, threat agents can connect to the network and attack other devices connected to the same network, gathering financial information, personal information, user names, passwords, files, and more. When working in a public space, users should use a more secure network such as a hotspot.
- Lock and maintain physical custody of all devices. Unlocked and unattended devices are subject to theft. Never leave university-devices unattended.
Employees working remotely should also request VPN access to ensure their computers receive vital security and software updates. VPN also ensures a stable, secure connection for employees when accessing university resources.
Employees can secure data by securely accessing, modifying, and storing data using Microsoft OneDrive and Microsoft Teams (for department data). In addition to providing secure and reliable cloud storage for documents, both OneDrive and Teams allow uncomplicated ways to share and collaborate on documents with team members. Collaboration in a remote work environment is important because it allows a geographically dispersed team to work together to meet goals and deadlines. For more tips on collaboration when working remotely, refer to How to Succeed in an Online Working Environment.
Employees can also access data stored in on-campus storage using the VPN client.
For questions or concerns, contact the Service Desk at (330) 941-1595 or via email at servicedesk@ysu.edu. For training consultations on the use of Microsoft OneDrive or Microsoft Teams, book a consultation with a member of IT Training Services.