In the coming weeks, many UEA employees will be working at home, some for the first time. Although many of our systems are designed to allow remote working, accessing UEA data remotely introduces new security challenges that you need to be aware of. The following tips will help you keep UEA personal and confidential data secure when working from home. Additional information can be found on our IT Security home page.
Staying secure whilst working from home
- Be extra aware of social engineering (a psychological attack where attackers trick or fool their victims into making a mistake) and phishing scams. With all the additional staff working from home – many for the first time – there’s a lot of opportunistic scammers out there. Remember, never give out your password to anyone - ITCS will never ask you for your password, and to be careful of clicking on links in emails – especially if you weren’t expecting the email.
- Use a strong password for all your accounts. And never use your UEA password for other accounts.
- Keep your systems up-to-date with the latest security patches. Unpatched software is like leaving a door or window open in your home, addressing these promptly will dramatically improve your security.
- Ensure you’re running anti-malware software and that’s it too is up-to-date and you’ve run a scan recently.
Additional guidance if using a personal device to work from home
Staff should use UEA-issued devices wherever possible. However, we recognise this may not be possible in all cases. Make sure you take the following actions if you are using your own personal device to work from home.
- Don’t use your personal device to store files containing UEA personal data. Use OneDrive if you need to store files containing personal or confidential data while working from home.
- Log out of all applications, clear web caches, cookies and history, and quit the browser and all programs when you are finished. This will help clear connection history from the device.
- Ensure shared devices do not remember passwords and clear any stored passwords before you leave the device. Most programs and web browsers have a ‘preferences’ or ‘settings’ option that lets you configure this.
- Ensure sensitive files and applications are password protected so that other users of the shared device don’t have access.
- Create a separate user account for use when working on university business from a shared device, don't share this account with anyone else.
- Don't save anything to the shared device desktop as it won't be available to you from your UEA desktop.
If you are moving equipment or data …
- Keep UEA IT equipment secure at all times when you are transporting it outside of your usual office or away from the campus. Make sure any documents and IT equipment are in a suitable secure bag or box and if you use public transport make sure you take them with you when you get off the train or bus. It’s easy to forget when you no doubt have a lot on your mind.
- Keep any UEA personal or confidential information secure at all times, whether held in electronic format or hard copy (paper) documents.
- Please only remove documents from the office that are genuinely required, using One Drive to store them so you can access them later.
- Don’t leave IT equipment or documents in the car and if for some reason this is not possible, put everything in the boot of your car out of sight and try not to leave unattended for more than 30 minutes.
- Do not leave the documents and IT equipment in the car overnight under any circumstances.
Security of equipment and information when being used at home/off campus:
- You should be the only person using your UEA IT equipment and accessing your UEA account. You are responsible for anything that originates from your account – ‘if it comes from your account, it comes from you’. Do not allow family members to use your UEA IT equipment.
- You should make sure that you lock your screen every time you leave your laptop/desktop or phone. It’s simple, just use the Windows Key+L to do this in one step. (ÿ+L)
- Be aware of where you are working and the sort of information that you have on screen. We know that these are unusual times so make sure as far as reasonably possible that no-one nearby can see and read the screen of your device.
- Although it may be difficult at times, if you are going to have a sensitive conversation try to have it in a closed room.
- Don’t use unauthorised services or applications to work on UEA data. Now is not the time to start trying new ways of working. UEA have data sharing agreements with Microsoft that enable us to use OneDrive, Teams and SharePoint safely and securely. If you use other services that have not been approved bu UEA you may inadvertently create a data protection issue.
And finally, much of this is just common sense – we want to work with you to keep data and IT equipment safe in these difficult and uncertain times. If you’d like to know more about information security, there is a training module available on Blackboard. Our Security and Data Protection web pages also contain more advice and guidance. If you have any specific questions about data protection, contact firstname.lastname@example.org. For IT security advice, contact email@example.com