IT Security Guidance for Remote Access
University employees have the ability, in many cases, to access the University’s information systems from computing devices and locations other than their regular workspace and outside of the University’s network.
Remote access puts systems at higher risk for attacks and unauthorized access. Additional precautions should be taken by employees when working remotely. Employees who regularly work remotely and with CSU level 1 and 2 data should only do so from a Stanislaus State owned and manged device.
If you access University information systems remotely from a non-Stanislaus State device, the Stanislaus State Information Security Office encourages you to consider the following:
- Do not download or store CSU Level 1 or 2 data to non-Stanislaus State computers.
- You should limit your access to information systems available from off campus.
- Use anti-virus/anti-malware software and configure it to automatically update, this includes for your mobile device.
- Configure your operating system and applications to automatically apply updates (e.g., Microsoft updates or Mac updates.)
- Do not use “remember my password” features when accessing University information on a shared device.
If you access University information systems remotely from a Stanislaus State provided and managed device, the Stanislaus State Information Security Office encourages you to do the following:
- Use the Employee VPN service when connecting from networks not operated by the CSU.
- Do not share passwords or access to the device with others.
- Maintain physical posession of the device.
- Report lost/stolen devices to UPD immediatlly, even if the incident did not occur on campus.
If you have questions about working remotely in a secure manner please open a support ticket with the Support Center.
Safety Tips for Working Remotely
- Be aware of and watch out for phishing and social engineering.
- Secure your home wifi network by turning on encryption and requiring a password.
- Use strong passwords or multi-factor authentication where possible.
- Keep operating systems, software, and anti-malware up to date.
- Do not allow family or guest access to University devices.
- When outside of the home keep University devices in your possession.
What if my university device is lost or stolen? Report lost or stolen devices to UPD immediately. Even if they were not lost or stolen on campus.
What if I am the victim of phishing or social engineering? Change your password immediately and then report it to the Support Center.
What if I need help securing my home network? Consult your equipment manufacture or internet provider for instructions on turning on encyption and setting wifi passwords.