Security Guidance for Remote Access
What You Need to Know
University employees have the ability, in many cases, to access the University’s information systems from computing devices and locations other than their regular workspace and outside of the University’s network.
Remote access puts systems at higher risk for attacks and unauthorized access.
If the system is accessible to employees/faculty and students from outside of the University’s network, it is also accessible to hackers and bad actors. This translates to an increased likelihood that University information could be impacted from a confidentiality, integrity, or availability perspective.
Additional precautions should be taken by employees when working remotely.
What You Need to Do
If at all possible, you should be accessing University Information Systems through state-owned devices. However, if that is not possible, the SJSU Information Security Office encourages you to consider the following for your non-state-owned device:
- Use anti-virus/anti-malware software and configure it to automatically update. This includes your mobile device. SJSU offers anti-virus to all employees and students.
- Configure your operating system and applications to automatically apply updates (e.g., Microsoft updates or Mac updates).
- Don't use the "remember my password" feature when accessing University information on a shared device.
Follow These Security Tips When Using SJSU Devices
- Visit SJSU's Work Anywhere website for Remote Access Support,
- Don't share or re-use passwords used to access University information and systems. See our Responsible Use Policy [pdf] and Data Classification Cheat Sheet [pdf].
- Protect passwords used to access University information and consider using a password manager.
- Use encryption whenever possible when storing University information on portable devices. 7-Zip is a free archive tool with encryption capabilities, available on the 7-zip download page.
- Use anti-virus/anti-malware software to scan portable storage devices (such as USB drives or external hard drives) when you first plug them in.
- You should not consider your online activity to be private when using public Wi-Fi networks. Use trusted VPN software to protect your communications when you connect to public Wi-Fi networks.
- Use eduroam to connect to Wi-Fi if visiting participating campuses and institutions worldwide. Connect using your SJSU login.
- Mobile/Laptop/Workstation should be encrypted.
If a device containing University information is lost, stolen, or compromised, report the incident to the Information Security Office at email@example.com.
- Email Security – Do not send Level 1 information (please see our Data Classification Cheat Sheet [pdf] for more information) in an email message and be on alert for phishing scams. Report any suspicious emails using the Gmail "Report Phishing" tool.
What Happens if You Don’t Act
You may experience:
- An account breach or a compromised account
- Your computer may get a virus
- You open yourself to identity theft.