Technology Guidance for Remote Computing and Telecommuting

Category: Information Technology

Responsible Office: VPCIO

Responsible Executive: J. Brice Bible

Date Established: September 10, 2021

Summary

The following guidance should be implemented on all technology being used to access and work with moderate to high-risk university data.

Overview

Security of data and systems is paramount to the academic and research missions of the University at Buffalo. It is vital that security best practices keep abreast of telecommuting, remote work and remote learning modalities.

Members of the University who wish to access and work remotely with restricted or private data should adhere to the following standards and guidance.

General Information and Best Practices

  • Endpoints should not be left unattended or viewable by anyone not authorized to view sensitive information, whether at home or in a public setting.
  • Personally owned devices may not be used to store, render, or process Category-1 Restricted Data. Access to this high-risk data is only permitted through University-issued and managed technology assets.
  • Access to process Category-2 Private Data should be done using a University-issued and managed technology asset or a personally owned computing endpoint that meets the University’s Minimum Security Standards.
  • Endpoints should be restricted to a single user, authorized to access University Data.  This is particularly important in a remote work or telecommuting setting where multiple members of a residence may have physical access to a device or endpoint.
  • Be aware that devices used to conduct university business may be subject to subpoenas or E-discovery.
  • Category-1 Restricted Data cannot be sent via email.
  • Category-1 Restricted Data cannot be processed or stored on any personal devices.
  • Immediately report the theft of university-owned equipment or of personal equipment that was used to store or access university data.

Use of Non-University Devices to Access University Category-2 Private Data

It is strongly recommended that a UB-owned and managed computing endpoint be used when accessing and working with Category-2 data types. This type of data is involved in most University business, research or academic administrative functions (remote learners typically do not fall into this category).

Personally owned computing endpoints used to access and work with Category-2 data must follow the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices. Owners of personal devices are responsible for ensuring adequate and appropriate security configurations.

  • Only use supported and current operating systems to conduct UB business (i.e., Windows 8 and up / High Sierra and up).
  • Enable all automatic patching and updates and ensure that the system contains up-to-date software, which can be accessed in the Control Panel on PCs or System Preferences on Macs. Be sure to update both your operating system and all applications.
  • Use an up-to-date anti-virus and firewall client like Windows Defender (which comes with the Windows operating system), AVG or Sophos. Ensure the computing endpoint is password-protected with a strong password required at start-up and login.
  • Enable the password-protected screen saver to ensure that your personal computer is password-protected when you’re not using it. You do not want a family member inadvertently deleting or changing information.
  • Don’t save things to your personal machine or on any shared media; be sure to use UBbox or MS OneDrive.
  • Limit downloading of games or other non-essential apps, which are often a source of infection/compromise.
  • Be cognizant of what’s around you and may be in view of a webcam or microphone.

Securing Your Home Network

  • Ensure all devices on your home network are patched.
  • Disable all internet sharing and IoT or smart-device controlling software when connected to UB.
  • Ensure routers have the most recent updates to address security issues.
  • Secure Wi-Fi
    • Secure your Wi-Fi connection at home; avoid using public or unsecured networks.
      • Minimally: change the administrative password for the router from the default to something more secure.
      • Make sure the firewall is enabled on your router.
      • Use WPA2 password-protected encryption where possible, which is the generally accepted security standard. Older networks may be encrypted with WEP encryption, which has significant security weaknesses. Most modern operating systems will warn you when connecting to a network like this.
      • Additional suggestions for how to secure your home network can be found here: https://heimdalsecurity.com/blog/home-wireless-network-security/

Phishing and Other Threats

  • Be vigilant. Attackers always take advantage of chaos to launch phishing and social engineering attacks. Be especially alert for phishing attacks masquerading as communications around COVID-19.
  • Expect phishing attempts where attackers try to masquerade as UB leaders.
  • Report phishing to abuse@buffalo.edu.

Related Policies

All UB policies and standards apply regarding UB and UB data, regardless of work location. Employees are responsible for knowing and meeting policy requirements, standards and guidelines regardless of work location.

Contact Information

Office of the Vice President and Chief Information Officer
517 Capen Hall
Buffalo, NY 14260
Phone: 716-645-7979
Email: vpcio@buffalo.edu
Website: http://www.buffalo.edu/ubit.html