Cybersecurity Safeguards for Working Remotely

Thursday, January 27, 2022

University of North Texas employees are responsible for adhering to the UNT System Information Security Policy and UNT System Information Security Handbook in regard to ensuring the confidentiality, integrity, and availability of data, information and information resources while working remotely.

Employees must ensure that personal or university-owned technology or equipment used during flexible work arrangements and remote work arrangements adhere to the protection requirements identified in the UNT System Information Security Handbook, and do not allow an unauthorized party access to system-owned data, information or information resources. Employees are required to adhere to system policies regarding copyright laws, intellectual property and other policies related to use of information resources and equipment.

All work performed at alternative locations; including products, programs and projects is the property of the University of North Texas System. Therefore, each employee is responsible for ensuring the safety and integrity of data and software used at the remote worksite.

Connect Securely to University Networks and Resources

Employees should use the Virtual Private Network (VPN) when connecting to university networks or resources from remote locations. Using the VPN ensures that you are establishing a secure connection when using university technology resources. Instructions on how to connect to the university VPN can be found in the Remote Access/VPN Guide.

Avoid using unfamiliar Wi-fi networks. If you use a home Wi-Fi network ensure that the network uses strong encryption such as WPA2 protection and enable a secure Wi-Fi password to protect the network from unauthorized access or use.

Protect UNT System Data

When using or handling system data, ensure that the data are backed up and files are saved to a platform that is properly maintained by the ITSS on a daily basis. Contact local IT support staff for information on how to back-up and save files to appropriate locations. Examples of secure locations include OneDrive and department file shares.

Encrypt all data that are stored on a portable device, media, personally-owned devices or other non-university-owned devices. Confidential data includes student information, most employee information, personally identifiable information, some research information and other information that is identified in data protection laws, confidentiality agreements and contracts.

Avoid downloading sensitive or confidential data to a personally-owned device.

Do not allow family members or other unauthorized individuals to view or access system data, even if the data are not considered confidential.

Avoid sending confidential or personally identifiable information in email. To encrypt messages sent from the UNT System email system, add #secureto the subject line.

Avoid saving your passwords in your browser in order to prevent an unauthorized individual or intruder from accessing UNT System applications and resources.

Prevent system-owned data from being viewed by unauthorized persons. Be aware of shoulder-surfing.

Log out of devices and applications when no longer in use. This will ensure that no unauthorized parties can use your account to access system resources and data.

Clear your web-browsing data cache when no longer using a web browser. This will ensure that your web browser does not store your account, password or other sensitive data.

Protect University-Owned Equipment

UNT System-owned equipment must be used in accordance with university policies and security standards. Unauthorized individuals, including family members are not authorized to use UNT System equipment.

Do not leave laptops or other system-owned devices unprotected while working remotely. Ensure that physical security measures are in place to prevent damage, harm, theft and loss.

System-owned equipment is configured to run effectively and securely. Do not change or disable security controls such as firewalls, encryption software, anti-virus protection, system patching and update controls, monitoring controls or change other configurations.

Lock your device when not in use and use password protected screensavers.

To avoid automatically connecting to an unknown network, turn off automatic Wi-Fi connections until you are ready to connect to university resources.

Only visit websites that you know are trusted to avoid accidental infection of malicious code or third-party snooping.

Keep work and personal business separate. Do not use UNT System equipment for personal use, store personal information on university-owned equipment, share your password or accounts, or allow family members or other unauthorized individuals to use system-owned equipment.

Properly manage documents in accordance with system retention and security policies.

Protect Personally Owned Equipment

Personally-owned equipment used for UNT System business must be protected in accordance with system information security policies and standards. The following basic controls must be implemented:

Ensure that software installed on personally-owned devices is up-to-date and patched. Follow maintenance recommendations identified by the software manufacturer.

Install antivirus software that detects, quarantines or deletes malicious code on personally-owned devices. The antivirus software should be configured for regular updates and automatic scans to remain effective.

Regularly save, back up, and store system-owned data and files to system-owned servers and resources.

Lock your device when not in use and use password protected screensavers.

Ensure that physical security measures are in place to prevent damage, harm, theft or loss or personally-owned devices.

To avoid automatic Wi-fi connections to unknown networks, turn off automatic Wi-Fi connections until you are ready to connect to the university’s secure location.

Do not share your university account or passwords with family members or other unauthorized individuals.

Be mindful of apps that you install on your personal device. Ensure that they are developed by trusted sources and have been vetted by legitimate stores such as Apple or Google Play. Doing so will help you avoid accidentally installing apps that are infected with malware or apps that track your activities.

Properly manage documents in accordance with university retention and security policies.

Configure your personal device to enable privacy settings, such as enabling safe browsing and disable settings that allow browsers to track your activities.

Use UNT System Approved Technology to Collaborate, Communicate and Conduct University Business

Use secure and university approved technologies for collaborating, communicating and conducting UNT System business with university officials and personnel. Examples of approved technology include the collection of tools available in the Microsoft Office 365 suite (Teams, Outlook, etc.).

Ensure that business conversations cannot be overheard by unauthorized individuals.

Keep work and personal business separate. Do not use UNT System resources for personal use.

Be Vigilant -- Beware of Scams

Avoid becoming a victim of a scam. Scammers are attempting to take advantage of fears surrounding current issues. Phishing attempts can be quite convincing if they contain logos or disclaimers taken from legitimate websites. Be vigilant about protecting your remote work environment to ensure the confidentiality, integrity and availability of UNT System resources and data.

Do not open or click on suspicious emails, links or attachments from sources that you do not know. Check the “from” address in email messages to ensure that the message is from a valid source and is not an impersonation attempt from an attacker.

Beware of scams requesting donations for charities or crowdfunding sites.

Getting Help and Reporting Security Incidents

If you need technical support or assistance while working remotely, submit a Help Ticket. Do not allow unauthorized individuals to access or modify university-owned devices or information.

If you suspect that you have been a victim of a scam, phishing incident or would like to report other security issues contact your local IT Helpdesk or Information Security immediately.

 

To learn more about information security, visit the Information Security website. For more information about security requirements, please review the UNT System Information Security Policy and the UNT System Information Security Handbook.