Security Guidance for Flexible Working

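As the University transitions to a hybrid model of on-campus and remote work, it is important to minimize any risk to University and personal information. This document outlines and consolidates guidance and tips for secure computing, generally drawn from our established MSU computing policies.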

Client Workstation Use

When should I use a University-issued workstation rather than a personal workstation?

We strongly recommend that employees who have a desktop or laptop issued and managed by the University use that machine for all business and education-related activities, whether working remotely or on campus. These machines are centrally managed by IT and/or your college’s local technology team and are configured with additional security settings that may not be present on a personally owned or personally configured machine. Employees should avoid sharing their University-issued computer with family members or using it for non-work-related activities like casual web browsing, streaming entertainment, online shopping, etc., because these activities increase the risk of exposure to malware.

Employees must report the misplacement, theft, or loss of a University-issued device (or any device that has been used to store University-related information) to their local police station (or University campus police if the loss occurs on campus), their direct supervisor, and the IT Service Desk (or your college’s local technology team) as soon as possible. Please provide the police report once it has been issued to you.

We also strongly recommend that use of personally acquired/managed computing devices (including personally managed computers acquired with University grant or startup funds) and public machines (such as a shared library workstation) for work-related duties be limited to:

a. Accessing your University email account

b. Browsing the public web/internet

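c. Accessing campus applications (NEST, Banner, etc.) and approved Cloud services (Google Calendar, Google Drive, Canvas, Workday, Zoom, etc.) with your NetID

d. Developing educational materials or conducting research that does not involve sensitive University data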

You are accountable for following the guidelines below whether using University-managed or personal computing devices for work-related purposes.

Client Security Tips

Workstations (e.g. laptops and desktops)

  1. When using any computer, whether University-managed or self-managed:

a. To minimize risk of data loss or compromise due to hardware failures or security exposures, avoid retaining data on the device’s internal storage (C: drive). Instead, store University data on the MSUFiles file server or Google Drive. If you have temporarily copied files from a central storage location (e.g. MSUFiles), please delete them from the device’s internal storage when you are finished working with them.

b. Log out of the client device when you are not actively using it.

c. Explicitly put laptops into hibernate/shutdown mode when not actively in use (i.e., do not just close the laptop cover) to ensure full Windows BitLocker or macOS FileVault encryption protection.

d. Do not leave a running laptop unattended outside of a private and secure workspace.

e. Perform a full reboot of the client device at least once every few days to ensure that security, operating system, and other application updates are applied regularly.

  2. When using University-managed computers:

a. Apply all updates when prompted by the system as they are distributed via the University’s device management system.

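b. If you have been granted a local administrative access exception, do not install non-work-related applications, plug-ins, or other software.

  3. If using a personal (non-University-managed) computer for work-related needs: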

a. Make sure your computer is kept up-to-date with all operating system and software patches, applied weekly or more frequently.

b. Do not access sensitive data using personal computers that cannot be updated with the latest patches and/or are not running the latest supported operating system.

c. Always use anti-virus software, and check that it is running and actively updating. If you do not have anti-virus software, you can download Sophos Antivirus by logging into the MSU Software Repository.

d. Do not store any sensitive University data on your device. Instead, access it through Google Drive and/or MSUFiles (including Shared O: and N: Drives).

e. Do not use your NetID password to log in to your personal computer or to any other personal online account. This can help to protect your NetID account if your personal computer is compromised by malware or other security issues.

Mobile devices (e.g. smartphones, tablets)

Whether using a University-issued or personal phone/tablet, to protect University data as well as your own data (i.e. contact lists, calendars, photos, texts, etc.), enable screen-lock on the device using either a PIN or biometric (face or fingerprint recognition) feature. Also, regularly update the device to the latest version of the operating system to ensure patching of any known security vulnerabilities.

Avoid accessing sensitive data from mobile devices and/or tablets that have not been updated to the latest operating system.

Data handling

If there is a need to share files that contain sensitive information with other MSU employees, do not use unencrypted email. Instead use the MSU File Hawk secure file distribution system located at:

 http://msufilehawk.rockmark.net 

For an overview of how to send sensitive information, see the MSU File Hawk website.

Alternatively, you can send email securely by moving the sensitive information into an encrypted attachment, e.g. using the Microsoft Office document or Adobe Acrobat encryption features, and then communicating the password by other means, or at a minimum via a separate email. An overview of this process can be found in our How to Password Protect and Encrypt Files document.

Always store sensitive information on the MSU-managed central file server known as MSUFiles (including Shared O: and N: drives) or use an approved cloud service such as MSU Google Workspace (i.e. Google Drive) when appropriate. Google Drive may be used to store most work-related documents with the exception of highly sensitive information classified as “Private”, such as social security numbers or health information (refer to the Data Classification and Use Policy for full list). “Private” information should be stored on MSUFiles.

Remote network access

  1. Be very cautious when connecting to wireless networks off-campus in public spaces such as restaurants, airports, etc. These public wireless networks often do not use a secure connection (i.e. encryption) between your device and the wireless access point. This means it is possible for information traveling between your device and the access point to be intercepted and viewed.
  2. Make sure you have set a password on your home wireless network, which will prevent unwanted access to your home or apartment WiFi network by neighbors or anyone within range of your wireless router’s signal.

VPN: Remote access to applications restricted to on-campus use

To remotely access an application that is restricted to on-campus use (such as MSUFiles, Call Center soft phones, some Banner/NEST functions, and reporting tools such as COGNOS and Tableau), you must first connect to the campus network through the VPN service. You can connect to the campus VPN by launching the “Cisco AnyConnect” VPN application on your university-managed device and logging in with your NetID and password. You will also need to use DUO multi-factor authentication when logging into the VPN by typing the word “push” into the 2nd password field of the AnyConnect client application. Please refer to the following VPN user guide for more information:

http://gl8a.rockmark.net/information-technology/campus-vpn-remote-access-guide/

If you need to install the VPN client software on your personal computer, please refer to the section in the guide on “Connecting to the VPN with Cisco AnyConnect” and select your operating system.

Protect yourself against phishing

    1. When reading email, be extra vigilant for possible phishing scam messages.
    2. Do not click links or download files attached to an email that you are not expecting or from someone you do not recognize. If you are unsure, try contacting the sender directly first.
    3. Move your cursor over a URL/link and check that the resulting link displayed (usually in the bottom bar of your browser or email client) does not appear suspicious.
    4. Continue to be aware of “social engineering” attacks such as someone posing as a colleague or manager and asking you (often with a sense of urgency) to provide information or perform uncommon tasks (e.g. “Please buy four gift cards and send them to this address.”)

Where can I find more information about the University’s information security policies?

All current policies related to information security, the handling of sensitive data, and general usage guidelines can be found on the University’s policies web page:

http://gl8a.rockmark.net/policies/category/technology/

The three policies at the above link that are most relevant to flexible or remote working are:

    1. Responsible Use of Computing Policy
    2. Data Classification and Use Policy
    3. Google Drive Usage Guidelines