Secure remote work
When working off-campus, you are responsible for protecting your own information security and that of the University. You must adhere to all the applicable information security policies regardless of whether you are working on or outside of the campus.
These guidelines focus on information security. When working remotely, information security primarily relies on employee awareness: at home you have no safety specialists managing access rights and the placement of your workspace. The good practices that we should all follow when working from home are listed below.
When you are teleworking, you must adhere to the following principles:
- Use your work computer only for work-related purposes.
- Avoid using public WiFi networks.
- Use a VPN and strong authentication to protect data.
- Set up your home office be in a safe and quiet location.
- Make sure outsiders do not have access to confidential data.
- Store data in the cloud or a network drive.
- Stay alert to phishing attempts.
Use your work computer only for work-related purposes
Do not edit your work documents on your personal computer or use your personal email to send a message to a colleague or to your own work email address. This would be virtually the same as publishing everything openly on the internet. When you are teleworking, you may only use your University-issued work computer and the software installed on it. This ensures a similar level of protection for information systems as when working on campus.
Remember that your work computer is for your personal use only. Your family members are not allowed to use it.
For example, playing computer games, browsing unreliable entertainment sites and downloading software available online on your work computer is not allowed. These activities constitute a threat to information security. Do not use your University-issued devices or software to engage in activities that may threaten information security. Use your personal equipment and software for activities that are not related to your work.
You may only use employer-authorised peripheral equipment (such as USB sticks). Peripherals may be infected with malicious software that may spread to the University’s other systems.
When you are working or studying remotely, it is very important that security patches and upgrades are automatically installed. Make sure all software and OS updates are installed when they are made available. Do not use outdated software.
Students use their private computer for both study-related and personal purposes. Still, students are advised to use separate apps for study-related and personal purposes to maintain information security. We recommend you use different browsers for study-related and personal purposes and close unnecessary apps when you are studying on your computer. It is best to avoid using social media while working on your computer. This will reduce the risk of data breaches. If possible, you should only use the University-provided apps and systems. Do not download free apps from unknown sources.
Use a VPN and strong authentication to protect your data
Do not use public WLAN or WiFi networks when you are working off-campus or at home. Public WiFi hotspots do not encrypt the information you send over the internet. If you use a WiFi network when teleworking, make sure it is password-protected and that your computer is updated. If you do not have access to a secure WiFi network while on the go, consider using your work phone as a mobile hotspot.
You will not be able to securely access all the services provided by Tampere Universities over the internet, but if you set up a VPN connection, you will be able to establish a secure connection to the internal university network and gain access to a specific set of services and resources. With VPN enabled, your computer will be protected by the security mechanisms maintained by the University. This minimises the level of risk.
However, you should not use VPN unnecessarily at the moment to prevent the service from becoming overloaded.
Employees should not, for example, watch the info sessions of the government or other videos on their work computer unless these are directly related to their professional duties. The coronavirus crisis is being exploited to spread malware.
Staff should connect their work computer to the university network on a regular basis (once a week) so that possible new security patches and license updates can be installed. Always allow updates when prompted.
Set up your home office in a safe and quiet location
When you are working from home, your work computer, software and connections should work as well as they do on campus. Make sure your workspace is suitable for working on confidential files. Take a minute to consider where to set up your home office. We understand that this may not be easy under the current circumstances but try to find a quiet space at least when attending virtual meetings where sensitive topics are discussed. We have heard that someone has even occasionally been taking part in online meetings sitting in a cold sauna.
From the perspective of information security, it is important that outsiders will not be able to accidentally see or hear anything confidential when you are working from home. Use a headset microphone instead of a speaker. Mute your microphone when necessary to prevent other meeting participants from hearing conversations going on in your home.
Make sure outsiders will not be able to see your computer screen through a window. Modern cameras have long-range zooms, so check that your computer is not facing a window.
Keep your workspace clean and tidy. Store your documents in a safe location. Do not leave papers lying around. For example, a backpack equipped with a combination lock found on suitcases is usually a safe enough location at home.
Another thing to consider when teleworking is sound proofing. You cannot take confidential calls when you can be overheard by your family members, guests or passers-by. You must be able to close the door when you are talking on the phone or participating in a virtual meeting. Do not use names when discussing sensitive information. Avoid having conversations where an outsider could identify the person you are speaking about.
Draw a line between your personal and professional life.
Family members and data protection
Working from home may be challenging when you have family members or flatmates. You should talk about these challenges with your family or flatmates and explain that you may have to process confidential employer data while working. Sharing this type of data may constitute a breach of confidentiality.
Make sure your family members or other unauthorised persons cannot use your work equipment (do not share your password with others) or accidentally see your computer or phone screen when you are working on confidential files.
If you have a privacy filter for your work computer or phone, use the filter also when you are working from home. Lock your computer (Win+L key combination) when you leave your desk. Try to create a quiet workspace for yourself so you can make work-related calls. If you need to discuss confidential or restricted data, use encrypted email instead of calls to prevent others from accidentally overhearing you.
When you take part in video conferences, check what the others can see in your background. If you do not use the video feature, it is best to cover your camera with a piece of paper or tape. This will prevent you from being seen when you do not want to be seen.
Store data in the cloud or a network drive
Sometimes it may be difficult to keep materials secure when working off-campus or even in an office environment. The best way to protect data is to minimise the number of confidential paper documents and the amount of confidential data stored on your computer hard drive. Your hard drive must be properly secured.
Your duty to protect data also applies to paper documents. If possible, avoid taking paper documents from your workplace to your telework location. Do not print out documents in your telework location unless it is absolutely necessary. Store paper documents in a locked space that only you can access. Securely dispose of paper documents, for example, by shredding them when you no longer need them.
Always store your data on a network drive or a cloud service (such as OneDrive) or virtual workspace (such as Teams) provided by Tampere Universities. This will minimise the damages if your work computer breaks or is stolen.
Especially when you are on the go, there is a heightened risk of your work computer breaking or being lost. The use of the centralised services provided by Tampere Universities will save you a world of trouble if your computer breaks or goes missing. You can usually continue your work on a replacement computer as usual, if your data is safely stored in the cloud. Remember that we have the same duty of confidentiality when we are working on and off campus. If you leave your workspace for an extended period, place your computer in a location where others will not immediately see it.
Be prepared for momentary interruptions
Because of increased telework, the systems and services provided by Tampere Universities are under a heavy strain. Please be prepared for momentary interruptions when teleworking.
To help prevent overload, you can, for example, turn off your video during online meetings unless it is necessary for the others to see you.
If you have problems with the video connections, consider setting up a conference call.
Stay alert for phishing attempts
Scammers are attempting to exploit the coronavirus pandemic, and a number of internet and phone scams are being targeted to education providers and other sectors. Our staff members have received phone calls claiming to be from our IT services. You may also receive, for example, fraudulent news emails from unknown addresses, asking you to provide personal data or click on links.
What should I do if I suspect a data breach?
You must safeguard the confidentiality of data and report suspected breaches to your supervisor and/or IT contact person.