Working Remotely during an Emergency

Last Updated: 2020-07-14-9:24

Quick Links

Before Leaving the Office

Goal: Establish communication channels and reduce the attack surface

  • Backup important files (physical or digital) and secure them properly
  • Lock up documents, flash drives, files, external hard drives, etc. that contain sensitive content
  • Consider enabling DUO multi-factor authentication (MFA) to protect your UH account from being misused by attackers; for more information, see: https://www.hawaii.edu/askus/1758
  • For DUO MFA users, Ensure that you have multiple devices/methods setup for authorization such as a list of passcodes, or another non-work phone number especially if you are currently using your desk phone as a registered device
  • Turn off any devices that are not needed while you are out (desktop computer, printer, fax machines, copiers, etc.)
  • Setup primary/alternate/formal/informal communication methods with your staff/supervisor
  • Setup call forwarding and/or be familiar with retrieving voicemail messages
  • Check with your IT support staff for specifics in connecting to your campus and/or department resources (such as a file server, shared drive, etc.) or if you need more detailed information.

When Working Remotely

Goal: Ensure work content is always protected

  • BEFORE starting to work:
    • Secure your computer using the guidelines listed here:https://www.hawaii.edu/askus/593
    • Ensure work-connected devices are patched and have AV and personal firewall running properly
    • Scan computer/devices for malware and ensure that computer/device are malware-free
    • If you do not have any anti-virus software installed, use the UH McAfee software: https://www.hawaii.edu/askus/1254
  • If possible, separate personal and work Internet use (e.g. use two different devices)
  • Always disconnect shared drives on a department file server when done working
  • DISCONNECT from the UH VPN before engaging in “home” or non-work activities
  • Avoid downloading sensitive material onto home devices
  • If downloading sensitive material is necessary, use HTTPS and file encryption. Avoid printing sensitive material.
  • If printing of sensitive material is necessary, shred the document as soon as possible
  • Never use email to send sensitive material, use UH FileDrop instead
  • Watch out for phishing, malicious attachments, scams, etc.
  • Verify email senders before completing requests
  • For high risk transactions, verify email senders using alternate methods (e.g. phone call)
  • Enable screen locking/login protection; recommend 10 minutes or fewer

  • DO NOT use public Wi-Fi for sensitive transactions
  • If you downloaded and installed software purchased through the UH Site License program on your home computer to use during the COVID-19 “work-from-home” mandate, you MUST delete/uninstall it from your home computer when you return to work

Protecting your Virtual Meetings

Goal: To ensure you have a safe virtual meeting with only authorized participants joining your session.

With the widespread use of Zoom Meetings when working from home, use the ITS Recommended Zoom Settings [PDF] to ensure that you don’t have “uninvited” guests joining your Zoom sessions.

More Resources:

Upon returning to the office

Goal: Verify security is in-place before resuming operations

  • Delete sensitive material on home devices
  • Check an already-online computer for signs of ransomware/compromise before turning on other computers
  • Patch workstations and update anti-virus before checking email and browsing the Internet
  • Uninstall any software from your home computer that was purchased through the UH Site License program during the work-from-home mandate

What is the UH VPN

VPN stands for “Virtual Private Network”. It enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. VPNs are generally used when a person wants to use a computer from a remote site (such as their home) to access “enterprise” (corporate) resources. The UH VPN allows you to become part of the UH network from anywhere.

Access to the UH VPN is only necessary if it is required by a specific institutional application. Most general applications (UH email, Laulima, etc.) are accessible without having to use the UH VPN.

DISCONNECT from the UH VPN before engaging in “home” or non-work activities. Please remember that the VPN is a SHARED resource. Please do not stream video or music while using the VPN.

Specific details on using the UH VPN can be found at: http://www.hawaii.edu/its/vpn/

When do I need to use the UH VPN?

List of UH Services that require the UH VPN (Login Required)

When working remotely, what do you need to consider when it comes to your work data?

  1. Determine the level of sensitivity of the data you work with
    UH has four data classification categories: Public, Restricted, Sensitive, and Regulated. They are listed in order based on increasing levels of sensitivity and risk. The following table describes the four groups. Looking at the type of data you work with, identify the category with the highest level of sensitivity. That will determine the security guidelines you need to follow. For example, if you work with a mix of Public, Restricted, and Sensitive data, follow the security guidelines for Sensitive data.

    2. Review the table on the data governance site (login required): https://datagov.intranet.hawaii.edu/institutional-data-classification-levels/

    More information is available at EP 2.214, Institutional Data Classification Categories and Information Security Guidelines.

  2. Review data security guidelines
    The Security Guidelines for Working Remotely provides guidance on how to protect your work data in accordance with UH policies. The most common types of applications are listed in the table below. If an application is not listed or you need further clarification, contact the Information Security Team at infosec@hawaii.edu
Services
System Public/Restricted Data Sensitive/Regulated Data
Audio and video conferencing (Zoom, Google Hangouts Meet, WebEx, etc.)

To schedule recurring conferences and/or classes on Zoom: https://www.hawaii.edu/its/videoconferencing/desktop/

No restrictions Yes, issue passwords to participants to prevent unauthorized individuals from accessing the link or recording the session without permission or plan to secure the file (recording) properly.

If you are part of JABSOM and will be using Individually Identifiable Health Information (IIHI), please contact JABSOM IT

Document management (Google@UH: Docs, Sheets, Forms, etc.) No restrictions Do not use.

Easy to mis-share files.

Exposures should be reported to the Information Security Team right away.

Document management (MS Office: Word, Excel, etc.) No restrictions Yes, at a minimum, password protect your file.
Email (Gmail, Outlook, Thunderbird, etc.) No restrictions Yes, do not send data/information via email.

The data needs to be encrypted when stored and when transmitted.

Use UH FileDrop to send sensitive/regulated documents
Storage (Downloading or saving work to your personal computer at home) No restrictions If necessary to save files to your local computer, it must be encrypted and deleted from your local computer when it’s no longer needed OR when you return to the office, whichever comes first.

Learn more about encryption here: https://www.hawaii.edu/infosec/resources-tips/encryption/
File transmission (FileDrop)
https://www.hawaii.edu/filedrop/ 		Not required Yes, use to receive or transmit files. Files can be exchanged with non-UH parties as long as one party has a UH username.

References

Contact Information

ITS Help Desk

Phone: (808) 956-8883
Toll Free: (neighbor isles) (800) 558-2669
Fax: (808) 956-2108
Email: help@hawaii.edu
Phone and Email Support

24 hours a day, 7 days a week
Open during all Holidays