Working remotely presents unique challenges for information security because remote work environments don't usually have the same safeguards as working on-campus. When an employee is at the office, they are working behind layers of preventive security controls. While not perfect, it is harder to make a security mistake while at the office. However, when computers leave campus and people work remotely, new risks arise for the University and additional safeguards and vigilance is essential. For more details see the "Fredonia Secure the Human Reference Guide" at https://answers.fredonia.edu/x/S4I4.
...
- Always Use strong passwords or passphrases whenever possible.The key to strong passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. For more about passphrases see https://answers.fredonia.edu/x/VoCXAQ
- Make sure each of your accounts has a separate, unique password. Never reuse passwords across multiple systems and do not share your password with others.
- Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
- Set up two-factor authentication whenever possible. The University utilizes DUO two-factor authentication for many critical and sensitive systems. To learn about DUO visit Duo Security Frequently Asked Questions at https://answers.fredonia.edu/x/ZoM4.
NOTE: This is a good time to review your second factor devices to make sure you can login to your protected services remotely, see https://answers.fredonia.edu/x/iYM4. - Do not use your eServices credentials (email/password) for other non-work related services (e.g. Facebook, Dropbox, etc.).
...
- Keep University data on work computers or within approved University cloud accessible systems. Do not save Category II - Private or Category III - Restricted data to personal devices or cloud storage (e.g. Dropbox).
- Store your University data on your U:/ drive to ensure that it is fully encrypted and backed up regularly.
- Do not email sensitive Data without encrypting it first.
- Only those individuals with a need to know should be authorized to access sensitive information. Least privilege necessary is a good practice to stick with.
- Maintain an accurate inventory. Know where sensitive information resides and keep track of servers, workstations, mobile devices, back-up systems, etc.
- Secure information disposal. All paper documents with sensitive information should be shredded. Electronic media must be thoroughly reformatted or physically destroyed.
- Do not use personal email accounts for University business. Every employee of the University has a @fredonia.edu email address for conducting University business. Don't use your personal email account (e.g. Gmail, Yahoo, etc.) for conducting University business.
While working at home, be aware that your work location and screen could expose members of your household to personal, private, or sensitive information. You need to be certain that no one except for authorized University personnel has access to or can view this data.
If you take a photo of your office home setup for any reason (e.g. social media), be certain that you do not have screens open with University private or restricted data on them.
Family and GuestsAnchor Family Family
| Family | |
| Family |
...