Stanislaus State supports the use of telecommuting in positions where appropriate and beneficial to the University and the employee. The Telecommuting program recognizes the benefits available through a planned and managed telecommuting program. Such an option can save commute time and expense for employees and offer some uninterrupted time for concentrated work.
The opportunity to participate in a telecommuting program is offered only with the understanding that it is the responsibility of the employee to ensure that a safe and proper work environment is maintained (e.g. an ergonomically appropriate and safe workplace is required; dependent care arrangements are made as not to place dependents at risk of a lack of appropriate care or interfere with the employee's ability to perform work; personal disruptions such as non-business calls and visitors are kept to a minimum, etc.). Failure to maintain a safe and proper work environment may lead to a modification or revocation of a telecommute agreement.
Telecommuting opportunities are based upon the duties of the employee's position and program requirements as determined by the appropriate Vice President. The opportunity for telecommuting is at management’s discretion and must take into consideration numerous factors, including the job duties, operational needs, impact on the department, and employee performance. Decisions concerning approval, terms, and termination of telecommuting are within the sole discretion of management.
Process for Establishing a Telecommute Agreement
Review the Telecommute Policy and associated attachments.
Before you initiate a conversation with your supervisor or appropriate administrator, familiarize yourself with Stanislaus State's Telecommuting Policy and Guidelines (Rev. 2009) so that you understand the obligations, responsibilities, and limitations associated with Telecommuting or Remote Work.
Meet with your supervisor or appropriate administrator
Meet with your supervisor to discuss the possibility of telecommuting, using the policy as a basis for the conversation (if applicable).
Complete Telecommute Agreement
If a telecommuting arrangement is approved, your supervisor should initiate the paperless Telecommuting Agreement form and workflow that will be routed to you to complete, then to your supervisor, and the vice president of your division for approval.
The form should reflect which duties or job functions may be completed at the telecommute site.
The approved agreement is routed to HR for record-keeping and will be placed in your personnel file.
Information Security Guidelines for Telecommuting
Why Working Remotely is Different
Working away from campus presents a unique challenge for information security because remote work environments usually do not have the same safeguards as working in the Stanislaus State environment. When faculty and staff are on campus, they are working behind layers of preventive security controls. While not 100% foolproof, it is harder to make a security mistake while in the on-campus environment. When Stanislaus State-issued devices leave the perimeter or faculty and staff work remotely, new risks arise and additional protections are essential.
Threats to Working Remotely
- Unsecured Wi-Fi networks: Not everyone has a secure home network with strong firewalls. Public Wi-Fi networks, such as those in coffee shops, are also unsafe for conducting business. Unsecured public Wi-Fi networks are prime spots for malicious parties to spy on internet traffic and collect confidential information.
- Using personal devices and networks: Personal devices and home networks may lack safeguards built into our networks such as antivirus, firewalls, and backup tools. This increases the risk of malware finding its way onto devices and both personal and work-related information being breached.
- Scams target remote workers: Hackers target remote workers, because of the lowered security measures.
Security Musts When Working Remotely
These are some additional precautions that must be taken by employees when working remotely:
Never use public Wi-Fi
Public Wi-Fi introduces significant security risks and must be avoided. Instead of public Wi-Fi use an IT-issued hotspot from a dedicated device. If you are not able to access a hot spot you may also use a VPN to connect to Stanislaus State's network. Using a cellular network is safe.
Secure your home Wi-Fi
Change your router password. Make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3. You can check this by reviewing your manufacture router manual or checking your WIFI network preferences on your device to see what your connected service encryption is set to. Make sure your Wi-Fi has a strong passphrase/password. Restrict inbound and outbound traffic, use the highest level of encryption available, and switch off WPS.
Use a Stan State maintained device
Our Office of Information Technology ensures your workstation, laptops, and tablets have anti-malware, encrypted drives, licensed software, and the latest patches. Your personal devices do not meet state requirements. Your personal devices could introduce risk to university data and your account. If you have a Stan State laptop make sure to use it at home for work. Even for accessing your work emails.
Use Stan State VPN with Multi-Factor Authentication (MFA)
Our VPN encrypts, tunnels, and protects all of your internet traffic so it is unreadable to anyone who intercepts it. This keeps it away from hackers and your Internet Service Provider (ISP). Stan State VPN protects your data. Use VPN even if you are checking your email, accessing Office 365, or storing a file in OneDrive. The use of public networks with Stan State's VPN is highly discouraged due to the risk of compromising the information.
Level 1 Users
A Level 1 user is any faculty, staff, or student worker who has access to Level 1 data other than their own. Level 1 users must use a Stan State maintained device when accessing Level 1 data or a Level 1 system. You may not access Level 1 systems from your personal devices. Use your Stan State maintained device (desktop or laptop) at home to access Level 1 data or systems.
Keep work data on work computers or Stan State approved storage
If you don’t have a Stan State laptop or workstation at home, the next best thing is to access your on-campus workstation remotely. While certain remote access tools have security vulnerabilities, using the Stan State VPN with MFA will mitigate those issues. Contact IT to see if this option is available to you. Do not store Stan State files on your home computer. Use your work computer or Office 365 to store your files.
Do not share your device
If you use your personal device, make sure you are the only one using your device (computer, tablet, etc.). Stan State data cannot be shared with household members. Allowing others to use a device that is being used to access CSU data violates CSU policy by potentially sharing it with persons that have no right to access CSU data.
Patch all your software
Updates to device software and other applications can sometimes take a long time, but they are important. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released. Patch your personal devices.
Set up the firewall on your computer
Firewalls act as a line defense to prevent threats from entering your system. The firewall creates a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs from entering and can stop data leaking from your device. Your device’s operating system will typically have a built-in firewall. Turn it on.
Use antivirus software
Although a firewall can help, it’s inevitable that threats get through. A good antivirus software can act as the next line of defense by detecting and blocking known viruses or malware. Even if viruses or malware does manage to find their way onto your device, an antivirus may be able to detect and, in some cases, remove them. Turn on anti-virus and keep it up to date.
Make sure you are using properly licensed software
Most software that Stan State licenses can only be used on Stan State devices. Exceptions are software on the Software Download page and software such as Microsoft Office that explicitly states it can be downloaded on multiple home devices. Please make sure when working from home and using your own machine that you do not violate any license agreements. If you have any questions please contact IT.
Never leave your devices in the car
Never leave work computers or devices in a vehicle. It’s a best practice to keep work laptops and devices on your person at all times. The trunk of your car is not any safer. There may be criminals watching the parking lot from afar, waiting for their next victim. Putting valuables in the trunk may make life a little bit easier in the short term but do not take the chance.
Taking home paper files?
Keep all confidential paper files locked up and inaccessible to other persons in the household except when using. Use a cross-cut shredder if disposing of any paper files. Make sure you can account for any and all confidential files that are removed from the office by having a checkout system if your department allows paper files to be removed from campus.
Look out for phishing emails and sites
Phishing emails, as well as voicemails (vishing) and text messages (smishing) are used by cybercriminals to “phish” for information. This information is usually used to further schemes such as spear-phishing campaigns (targeted phishing attacks) and account takeover fraud. The recent outbreak of the Coronavirus has allowed cybercriminals to use it as a tactic in their mission to cash in or pursue personal information. Cybercriminals have been known to send out emails, make phone calls and publish websites with false information. To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender without hesitation. If in any doubt, send the email to IT and they will check it out. If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an “about” page, and missing contact information.
For More Information or If you Suspect a Breach
Resources for Successfully Telecommuting
The following resources are provided to help you be successful when telecommuting.
Telecommute Program Contacts
Employee/Labor Relations, Leaves & Compliance Manager
Phone: (209) 667-3746