Securing Remote Work
There are three elements to ensuring you're working remotely in a secure way:
Use the guidelines below as a checklist to prepare for working remotely. Don't forget to test that everything is working as expected before you need to rely on it.
Your OHIO-provided laptop will be your best option for working remotely in a secure manner - don't forget your power adapter!
If you don't have a University-provided laptop and need to use your personal computer, you should consult your manager first, then make sure that your computer meets the criteria below. Remember to keep University data on University computers, and do not store University data on your personal devices.
Anti-virus software is a critical component in securing your computer; if your personal device is not currently protected via anti-virus software, OIT recommends:
- For Windows users: Ensure that Windows Defender is enabled and up to date.
- For Mac users: While MacOS has built-in security to its system, users should employ best practices highlighted at https://www.apple.com/macos/security/. For those who may be interested in an additional layer of security, there are options available (both free and payment required) on the App store.
Encrypting your computer provides an additional layer of protection to the data saved to it if your computer were stolen or goes missing. If your personal computer is not already encrypted, please follow the instructions below to use your computer's built-in software for encryption.
If you do have a University-provided laptop, check to ensure that:
- The operating system and other software (such as Office 365) are up-to-date.
- Anti-virus software is installed and up-to-date
- You are not logged into your computer as an administrator. (Most people do not have logins with administrative privileges.)
- Your documents and files are frequently backed up. You may consider using OneDrive for Business for automatic backup and storage.
- Though only necessary for a few IT services, set up Campus VPN on your computer before you need it.
- Most people will only need the Campus VPN to access their Home and Shared Network Storage folders.
- Only connect to Campus VPN when you need to access a service that requires it. Staying connected to the VPN when you don't need it can slow the VPN down for everyone.
- Be wary of emails from people you don't know, or email addresses you don't recognize. Learn how to identify malicious email.
Consider the information and resources you have access to with your OHIO account, and that most of that information is not publicly available. Keep your account safe by:
- Ensuring that you are the only one able to use your OHIO account, in accordance with the University Credentials Policy.
- Enroll in Multi-Factor Authentication to add another layer of protection to your account - and the information you have access to.
- Ensure that under Account Information that you select enable Multi-Factor Authentication for all eligible services.
- If you only have your office phone registered in your account for Multi-Factor Authentication, you will need to add another device you have at home (like your smartphone) to make sure you can sign in to all University services. Learn about available options for enrolling in Multi-Factor Authentication.
- If you're using a personal computer, be sure to set a password for logging in, and lock it when you step away.
- Don't sign into University services on public computers or public/unsecured networks.
Treat sensitive data with extra care when working remotely. Be aware of how you access and edit documents and files that may contain sensitive data. Do not sync or download University data to personally owned devices. If you're not sure if the information you work with is sensitive, refer to our Data Classification Table for guidance.
- For those working with sensitive data (HIPAA, FERPA, etc), the OHIO Virtual Desktop environment is the most secure way to do your work.
- For less sensitive information, consider using the browser-based versions of Word, Excel, PowerPoint, etc. that are a part of OneDrive for Business.
- OneDrive can be accessed anywhere and allows you to collaborate on documents and files with multiple people simultaneously.
- Enroll in online IT Security training to learn how to protect data and University resources.
- Request enrollment by emailing email@example.com with the names and email addresses of individuals to be enrolled.
- Secure paper records to prevent unauthorized access.
- If storing data on removable media (like a jump drive) is unavoidable, password protect the files saved to it, and encrypt the device in accordance with the Acceptable Encryption Standard.
- We have instructions available on how to encrypt a variety of files with their native applications.
- Units with sensitive data that need to collaborate via Teams or OneDrive should follow the respective guidance for handling sensitive data within these services.
Even if you're working remotely, OIT is here to support you. If you need help, contact the IT Service Desk for assistance.
If you are unable to meet the security requirements listed above for remote work, talk with your manager for guidance before working remotely. Remember, you are responsible for following University policies, good security practices, and ensuring the security of University information. Not adhering to these requirements puts you and the University at risk, and may result in a compromise of University information.