Last Updated: 2020-07-14-9:24
- Before leaving the office
- When Working Remotely
- Protecting your Virtual Meetings
- Upon returning to the office
- What is the UH VPN
- When working remotely, what do you need to consider when it comes to your work data?
- Contact Information
- For IT Support Staff
Before Leaving the Office
Goal: Establish communication channels and reduce the attack surface
- Backup important files (physical or digital) and secure them properly
- Lock up documents, flash drives, files, external hard drives, etc. that contain sensitive content
- Consider enabling DUO multi-factor authentication (MFA) to protect your UH account from being misused by attackers; for more information, see: https://www.hawaii.edu/askus/1758
- For DUO MFA users, Ensure that you have multiple devices/methods setup for authorization such as a list of passcodes, or another non-work phone number especially if you are currently using your desk phone as a registered device
- Turn off any devices that are not needed while you are out (desktop computer, printer, fax machines, copiers, etc.)
- Setup primary/alternate/formal/informal communication methods with your staff/supervisor
- Setup call forwarding and/or be familiar with retrieving voicemail messages
- Check with your IT support staff for specifics in connecting to your campus and/or department resources (such as a file server, shared drive, etc.) or if you need more detailed information.
When Working Remotely
Goal: Ensure work content is always protected
- BEFORE starting to work:
- Secure your computer using the guidelines listed here:https://www.hawaii.edu/askus/593
- Ensure work-connected devices are patched and have AV and personal firewall running properly
- Scan computer/devices for malware and ensure that computer/device are malware-free
- If you do not have any anti-virus software installed, use the UH McAfee software: https://www.hawaii.edu/askus/1254
Protecting your Virtual Meetings
Goal: To ensure you have a safe virtual meeting with only authorized participants joining your session.
With the widespread use of Zoom Meetings when working from home, use the ITS Recommended Zoom Settings [PDF] to ensure that you don’t have “uninvited” guests joining your Zoom sessions.
- Zoom Recommendations: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/
- NIST Best Practices on conducting virtual meetings securely: https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
- ITS Zoom Blog: https://www.hawaii.edu/its/videoconferencing/zoomblog/
Upon returning to the office
Goal: Verify security is in-place before resuming operations
- Delete sensitive material on home devices
- Check an already-online computer for signs of ransomware/compromise before turning on other computers
- Patch workstations and update anti-virus before checking email and browsing the Internet
- Uninstall any software from your home computer that was purchased through the UH Site License program during the work-from-home mandate
What is the UH VPN
VPN stands for “Virtual Private Network”. It enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. VPNs are generally used when a person wants to use a computer from a remote site (such as their home) to access “enterprise” (corporate) resources. The UH VPN allows you to become part of the UH network from anywhere.
Access to the UH VPN is only necessary if it is required by a specific institutional application. Most general applications (UH email, Laulima, etc.) are accessible without having to use the UH VPN.
DISCONNECT from the UH VPN before engaging in “home” or non-work activities. Please remember that the VPN is a SHARED resource. Please do not stream video or music while using the VPN.
Specific details on using the UH VPN can be found at: http://www.hawaii.edu/its/vpn/
When do I need to use the UH VPN?
When working remotely, what do you need to consider when it comes to your work data?
- Determine the level of sensitivity of the data you work with
UH has four data classification categories: Public, Restricted, Sensitive, and Regulated. They are listed in order based on increasing levels of sensitivity and risk. The following table describes the four groups. Looking at the type of data you work with, identify the category with the highest level of sensitivity. That will determine the security guidelines you need to follow. For example, if you work with a mix of Public, Restricted, and Sensitive data, follow the security guidelines for Sensitive data.
- Review data security guidelines
The Security Guidelines for Working Remotely provides guidance on how to protect your work data in accordance with UH policies. The most common types of applications are listed in the table below. If an application is not listed or you need further clarification, contact the Information Security Team at firstname.lastname@example.org
Review the table on the data governance site (login required): https://datagov.intranet.hawaii.edu/institutional-data-classification-levels/
|System||Public/Restricted Data||Sensitive/Regulated Data|
Audio and video conferencing (Zoom, Google Hangouts Meet, WebEx, etc.)
To schedule recurring conferences and/or classes on Zoom: https://www.hawaii.edu/its/videoconferencing/desktop/
Yes, issue passwords to participants to prevent unauthorized individuals from accessing the link or recording the session without permission or plan to secure the file (recording) properly.
If you are part of JABSOM and will be using Individually Identifiable Health Information (IIHI), please contact JABSOM IT
|Document management (Google@UH: Docs, Sheets, Forms, etc.)||No restrictions||
Do not use.
Easy to mis-share files.
Exposures should be reported to the Information Security Team right away.
|Document management (MS Office: Word, Excel, etc.)||No restrictions||Yes, at a minimum, password protect your file.|
|Email (Gmail, Outlook, Thunderbird, etc.)||No restrictions||Yes, do not send data/information via email.
The data needs to be encrypted when stored and when transmitted.
Use UH FileDrop to send sensitive/regulated documents
|Storage (Downloading or saving work to your personal computer at home)||No restrictions||If necessary to save files to your local computer, it must be encrypted and deleted from your local computer when it’s no longer needed OR when you return to the office, whichever comes first.
Learn more about encryption here: https://www.hawaii.edu/infosec/resources-tips/encryption/
File transmission (FileDrop)
|Not required||Yes, use to receive or transmit files. Files can be exchanged with non-UH parties as long as one party has a UH username.|
- Official University information on COVID-19: https://www.hawaii.edu/emergency/important-health-information-novel-coronavirus/
- Information Technology Services COVID-19 Resources: https://www.hawaii.edu/its/covid-19-resources/
- Desktop Videoconferencing (Zoom) — https://www.hawaii.edu/its/videoconferencing/desktop/
- ITS Zoom Blog: https://www.hawaii.edu/its/videoconferencing/zoomblog/
- Getting setup for Multi-Factor Authentication (MFA) — https://www.hawaii.edu/askus/1758
- McAfee Anti-virus Software at UH — https://www.hawaii.edu/askus/1254
- Report Security-Related Issues or Incidents — https://www.hawaii.edu/infosec/notification/
- Securing your Computer — https://www.hawaii.edu/askus/593
- UH FileDrop — https://www.hawaii.edu/filedrop/
- UH Institutional Data Classification Levels — https://datagov.intranet.hawaii.edu/institutional-data-classification-levels/
- UH ITS Help Desk — https://www.hawaii.edu/its/help-desk/
- UH ITS VPN Information — http://www.hawaii.edu/its/vpn/
ITS Help Desk
Phone: (808) 956-8883
Toll Free: (neighbor isles) (800) 558-2669
Fax: (808) 956-2108
Phone and Email Support
24 hours a day, 7 days a week
Open during all Holidays