Best Practices for Teleworking
Teleworking allows for greater flexibility in your schedule, but it very important to understand the risks to privacy and information security that exist when working remotely.
Please read and review these guidelines and apply them to your teleworking practices:
- Properly secure your documents within the UMass Chan Shared Drive. In addition, secure any hard copy documents that you take outside of the UMass Chan work space.
- Stay within the UMass Chan network by connecting through the UMass Chan Virtual Private Network.
- If you are using a personal computer, never forward documents to your personal e-mail account. Although there will be instances where you need to send information to a personal account, forwarding unencrypted emails to either yourself or to someone else is a breach of privacy.
- If you know you will be teleworking and have gone through administration regarding the Flexible Work Policy, identify the files you need to work on in advance. Organize them on the network drive so that they will be easily accessible to you.
- Take advantage of approved UMass Chan collaboration tools to help make it easier for you to work remotely.
- Have a back-up plan in case you experience issues with network connectivity, but never transfer files from your personal computer to thumb drives or other portable electronic devices.
- Secure your UMass Chan equipment and information at all times. This means while at home or traveling. If you must leave equipment and documents unattended, ensure they are safely secured. Never leave them for too long.
- If using a Personal Computer from home, make sure that you have updated Anti-virus software.
- Windows OS
- See recommendations at https://www.microsoft.com/en-us/security/default.aspx
- Windows OS version 8 and 10 come with Microsoft Defender installed.
- Some third-party software is also available:
- Avast
- Cisco
- Avira
- Bitdefender
- MacOS
- See recommendations at https://www.apple.com/macos/security
- Some third-party software is also available:
- Windows OS
- Ensure that your home WiFi is secure
- Make sure your home WiFi network is password protected with at least WPA2 level
- Never use public WiFi to access sensitive information.
- Even when you are connected to the Medical School with Pulse Secure, your web browsing does not pass through the VPN tunnel. This means that network traffic to personal or business web sites is not encrypted.
- Always make sure any web sites you visit contains the symbol in the URL bar or the URL begins with HTTPS and not simply HTTP (like https://inside.umassmed.edu).
- Be careful what you download and install:
- At home, you have free reign to go where you want on the internet and install whatever software you can.
- Downloading software from untrusted sources often introduces malware that can impact your home PC as well as the Medical School’s network.
- Since we don’t manage your home computers you need to be extra vigilant and take on the responsibility for safeguarding sensitive information.
- Never save sensitive Medical School data to your home computer:
- Visit the Medical School’s Information Technology Tools for Working Remotely site for secure cloud storage and collaboration options.
- Be vigilant for Phishing scams:
- Cyber-criminals are targeting email accounts of Health Care and Public Sector institutions.
- As always, never, ever click on any link or attachment from an email that you were not expecting.
Try to recognize a potential privacy incident and know how to report it.
Examples of Privacy Incidents:
- Sending an email containing Sensitive PII to your personal email account.
- Sending unencrypted Sensitive PII outside the DHS network (i.e., to another agency, to a private sector partner, to a potential hire).
- Allowing family members access to documents containing Sensitive PII. • Printing documents containing Sensitive PII to your personal printer.
- Using a thumb drive or other device to transfer data (i.e., Sensitive PII) to your personal computer.
Please also refer to these UMass Chan Information Technology policies: