Category: Information Technology
Responsible Office: VPCIO
Responsible Executive: J. Brice Bible
Date Established: September 10, 2021
The following guidance should be implemented on all technology being used to access and work with moderate to high-risk university data.
Security of data and systems is paramount to the academic and research missions of the University at Buffalo. It is vital that security best practices keep abreast with telecommuting, remote work and remote learning modalities.
Members of the University who wish to access and work remotely with restricted or private data should adhere to the following standards and guidance.
It is strongly recommended that a UB-owned and managed computing endpoint be used when accessing and working with category2 data types. This type of data is involved in most University business, research or academic administrative functions (remote learners typically do not fall into this category).
Personally-owned computing endpoints used to access and work with Category 2 data must follow the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices. Owners of personal devices are responsible for ensuring adequate and appropriate security configurations.
- Only use supported and current operating systems to conduct UB business. (i.e. Windows 8 and up/High Sierra and up).
- Enable all automatic patching and updates and ensure that the system contains up-to-date software, which can be accessed in the Control Panel on PCs or System Preferences on Macs. Be sure to update both your operating system and all applications.
- Use an up-to-date anti-virus and firewall client like Windows Defender (which comes with the Windows operating system), AVG or Sophos. Ensure the computing endpoint is password-protected with a strong password required at start-up and login.
- Enable the password-protected screen saver to ensure that your personal computer is password protected when you’re not using it. You do not want a family member inadvertently deleting or changing information.
- Don’t save things to your personal machine or on any shared media – be sure to use UBbox or MS OneDrive
- Limit downloading of games or other non-essential apps, which are often a source of infection/compromise.
- Be cognizant of what’s around you and may be in view of a webcam or microphone.
All UB Policies and standards apply regarding UB and UB data, regardless of work location. Employees are responsible for knowing and meeting policy requirements, standards and guidelines regardless of work location.
- The policies most relevant to working at a remote location include, but are not limited to:
- Other relevant UB policies can be found on the UB Policy Library.
- Other relevant UBIT policies and guidance documents can be found on the IT Policies webpage.
Office of the Vice President and Chief Information Officer
517 Capen Hall
Buffalo, NY 14260