Employees are responsible for adhering to the UNT System Information Security Policy and UNT System Information Security Handbook in regard to ensuring the confidentiality, integrity, and availability of data, information, and information resources while working remotely.
Employees must ensure that personal or university-owned technology or equipment used during flexible work arrangements and remote work arrangements adhere to the protection requirements identified in the UNT System Information Security Handbook, and do not allow an unauthorized party access to University-owned data, information, or information resources. Employees are required to adhere to University policies regarding copyright laws, intellectual property, and other policies related to use of information resources and equipment.
All work performed at alternative locations; including products, programs and projects, is the property of the University of North Texas. Therefore, each employee is responsible for ensuring the safety and integrity of data and software used at the remote worksite.
Connect Securely to University Networks and Resources
Employees should use the Virtual Private Network (VPN) when connecting to university networks or resources from remote locations. Using the VPN ensures that you are establishing a secure connection when using university technology resources. Instructions on how to connect to the university VPN can be found in the Remote Access/VPN Guide.
Avoid using unfamiliar Wi-fi networks. If you use a home Wi-fi network ensure that the network uses strong encryption such as WPA2 protection and enable a secure Wi-fi password to protect the network from unauthorized access or use.
Protect University Data
When using or handling university data, ensure that the data are backed-up and files are saved to a system that is properly maintained by the university on a daily basis. Contact your university IT support staff for information on how to back-up and save files to appropriate locations. Examples of secure locations include OneDrive and department file shares.
Encrypt all data that are stored on a portable device, media, personally-owned devices, or other non-university-owned devices. Confidential data includes student information, most employee information, personally identifiable information, some research information, and other information that is identified in data protection laws, confidentiality agreements and contracts.
Avoid downloading sensitive or confidential data to a personally-owned device.Do not allow family members or other unauthorized individuals to view or access university data even if the data are not considered confidential.
Avoid sending confidential or personally identifiable information in email. To encrypt messages sent from the university email system, add #secure to the subject line.
Avoid saving your passwords in your browser in order to prevent an unauthorized individual or intruder from accessing university applications and resources.
Prevent university-owned data from being viewed by unauthorized persons. Be aware of shoulder-surfing.
Log out of devices and applications when no longer in use. This will ensure that no unauthorized parties can use your account to access university resources and data.
Clear your web-browsing data cache when no longer using a web browser. This will ensure that your web browser does not store your account, password or other sensitive data.
Protect University-Owned Equipment
University-owned equipment must be used in accordance with university policies and security standards. Unauthorized individuals, including family members are not authorized to use university equipment.
Do not leave laptops or other university-owned devices unprotected while working remotely. Ensure that physical security measures are in place to prevent damage, harm, theft, and loss.
University-owned equipment is configured to run effectively and securely. Do not change or disable security controls such as firewalls, encryption software, anti-virus protection, system patching and update controls, monitoring controls or change other configurations.
Lock your device when not in use and use password protected screensavers.
To avoid automatically connecting to an unknown network, turn off automatic Wi-fi connections until you are ready to connect to university resources.
Only visit websites that you know are trusted to avoid accidental infection of malicious code or third-party snooping.
Keep work and personal business separate. Do not use university equipment for personal use, store personal information on university-owned equipment, share your password or accounts, or allow family members or other unauthorized individuals to use university-owned equipment.
Properly manage documents in accordance with university retention and security policies.
Protect Personally-Owned Equipment
Personally-owned equipment used for university business must be protected in accordance with university information security policies and standards. The following basic controls must be implemented:
- Ensure that software installed on personally-owned devices is up-to-date and patched. Follow maintenance recommendations identified by the software manufacturer.
- Install anti-virus software that detects, quarantines or deletes malicious code on personally-owned devices. ITSS Information Security provides McAfee Antivirus software that can be downloaded online at AntiVirus Download with a valid EUID and password. The antivirus software should be configured for regular updates and automatic scans to remain effective.
- Regularly save, back-up, and store university-owned data and files to university-owned servers and resources.
- Lock your device when not in use and use password protected screensavers.
- Ensure that physical security measures are in place to prevent damage, harm, theft or loss or personally-owned devices.
- To avoid automatic Wi-fi connections to unknown networks, turn off automatic Wi-fi connections until you are ready to connect to the university’s secure location.
- Do not share your university account or passwords with family members or other unauthorized individuals.
- Be mindful of apps that you install on your personal device. Ensure that they are developed by trusted sources and have been vetted by legitimate stores such as Apple or Google Play. Doing so will help you avoid accidentally installing apps that are infected with malware or apps that track your activities.
- Properly manage documents in accordance with university retention and security policies.
- Configure your personal device to enable privacy settings, such as enabling safe browsing and disable settings that allow browsers to track your activities.
Use University Approved Technology to Collaborate, Communicate and Conduct University Business
Use secure and university approved technologies for collaborating, communicating and conducting university business with university officials and personnel. Examples of approved technology include the collection of tools available in the Microsoft Office 365 suite (Teams, Outlook, etc.).
Ensure that business conversations cannot be overheard by unauthorized individuals.
Keep work and personal business separate. Do not use university resources for personal use.
Be Vigilant- Beware of Scams
Avoid becoming a victim of a scam. Scammers are attempting to take advantage of fears surrounding current issues. Phishing attempts can be quite convincing if they contain logos or disclaimers taken from legitimate websites. Be vigilant about protecting your remote work environment to ensure the confidentiality, integrity and availability of university resources and data.
Do not open or click on suspicious emails, links or attachments from sources that you do not know. Check the “from” address in email messages to ensure that the message is from a valid source and is not an impersonation attempt from an attacker.
Watch for and avoid scam emails claiming to be from sources such as the Centers for Disease Control and Prevention (CDC) or experts saying that have information about the coronavirus.
Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19) — online or in stores.
Beware of scams requesting donations for charities or crowdfunding sites.
Getting Help and Reporting Security Incidents
If you need technical support or assistance while working remotely, contact your IT support team or submit a Help Ticket. Do not allow unauthorized individuals to access or modify university-owned devices or information.
If you suspect that you have been a victim of a scam, phishing incident or would like to report other security issues contact your local IT Helpdesk or Information Security immediately.
UNT System Service Desk:
To learn more about information security, visit the Information Security website. For more information about security requirements, please review the UNT System Information Security Policy and the UNT System Information Security Handbook.