Security reminders for working remotely
Keep these four tips in mind when working off campus.
March 18, 2020
With the Universitywide transition to online teaching, many staff and faculty may be working from offsite locations for the first time. While telecommuting has advantages, it also introduces new or heightened security risks. Please keep the following in mind while working remotely.
1. Use GlobalProtect to access MSU Denver resources that require a secure connection
Many of Metropolitan State University of Denver’s network services – such as Office 365 services (Outlook email, SharePoint, OneDrive, etc.), Blackboard and Chrome River – can be accessed through any internet connection and used to work remotely. However, there are some services – such as Banner Admin Pages, internal or departmental file servers or the Information Technology Services support website – that are accessible only through secure campus networks. MSU Denver ITS provides the GlobalProtect remote-access solution for people who need to access secured resources from off-campus. If you need to access a secured resource while working remotely, please fill out the GlobalProtect Access Request form.
2. Verify suspicious communications
Cybercriminals have created new scams to take advantage of the unease surrounding the coronavirus (COVID-19). They may send phishing emails with malicious attachments or links to fraudulent websites, trying to trick targets into revealing sensitive information or donating to fraudulent charities or causes. We encourage everyone to remain vigilant and take the following precautions:
- Exercise caution when handling any email with a COVID-19-related subject line, attachment or hyperlink.
- Be wary of social-media pleas, texts or calls related to COVID-19.
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Use trusted sources such as legitimate government websites for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for such information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Continue to visit msudenver.edu for all University communications, as well as current guidelines, policies and prevention measures.
Additionally, scammers may attempt to take advantage of remote workers by pretending to be a supervisor or colleague and sending messages that ask their target to reveal University information or make a purchase on their behalf. This is similar to the “gift-card scam” seen at the University in the past, and the techniques to combat it are the same:
- Always vet the source of a suspicious email; while the display name or signature may appear to be your supervisor’s, the e-mail address (which some mail apps hide by default) will typically belong to an external provider such as Gmail or Yahoo.
- Be diligent in determining whether the request is real and how you should respond.
- Do not be afraid to contact your supervisor to verify a request.
As always, if you believe you have received a phishing email, please forward it to firstname.lastname@example.org.
3. Secure your device
Make sure your devices are secured when working from coffee shops or other remote locations. While your devices should be with you at all times, if you need to pick up your coffee or walk around the table to plug in an adapter, make sure to lock your screen so your data will be secure if someone tries to take a picture of the screen or run off with the device. Your devices should never be left unattended and unlocked.
All MSU Denver laptops have encryption software, so as long as the device is locked or turned off, the hard drive will be unreadable and protected if a malicious user attempts to access the hard drive directly. If you have any concerns about the encryption software or believe it may not be enabled, please contact the ITS Service Desk.
4. Be responsible with Personally Identifiable Information
Personally Identifiable Information consists of a combination of name, Social Security number, address, birthdate and anything else that, when combined, could be used to impersonate an end user. General best practices for working with PII while remote are listed below, but please contact your supervisor for your department’s best practices as well.
- PII should never be sent via e-mail, text or instant message.
- PII should never be stored on personally owned computing devices.
- PII stored in OneDrive or SharePoint should have retention rules to make sure the data is deleted once it is no longer needed.
- PII stored in OneDrive or SharePoint should have sharing rules to make sure the data is available only to people who are authorized to view it and need to use it.
- If there are any concerns with the security of your OneDrive or a SharePoint site being used, please reach out to the Service Desk for help with permissions.
If it is required to send or receive PII electronically, it is recommended this information be sent through Liquid Files. If you do not have access to Liquid Files, please contact the ITS Service Desk to request an account.
If you have any questions or concerns, please contact the ITS Service Desk at 303-352-7548 or support.msudenver.edu.
Topics: Cybersecurity, Safety, Technically Speaking, TechnologyEdit this page