Working Remotely and Securely
Whenever information relating to TRU business is used outside of the office or the classroom, there is an increased risk of loss or compromise. TRU is required by the Freedom of Information and Protection of Privacy Act (FIPPA) to keep all personal information in its custody or under its control safe and secure.
All records relating to TRU business are subject to the access and privacy provisions of FIPPA even if they are created, sent, or received through non-TRU email accounts, or stored on personal devices.
Protecting Personal & Confidential Information
At TRU, we all have a shared responsibility to protect personal and confidential information about students, faculty, staff, alumni, and donors. By taking a few simple steps to stay secure, we all can make an impact on privacy and information security. TRU employees are reminded that all TRU policies and procedures must be followed regardless of their working location.
These polices include but are not limited to:
- Responsible Use of Information Technology Facilities and Services
- Information Classification Standard
- Smart Phone Standards
- Mobile Device Standard
- Confidentiality of Student Information
- Records Retention/Destruction Policy
- Cloud Security Standard
Here are things you can do to protect personal information when working remotely:
1. Physical Records
- Only remove information from the office that is essential to carry-out your job duties.
- If possible, take copies of physical records and leave the originals in the office.
- Store physical records in a locked filing cabinet or desk drawer that you have sole access to.
- Unattended documents on a printer or desk at home could lead to a data breach of personal or confidential business information.
- Upon returning to the office, return records to their original storage place as soon as possible and destroy copies securely by shredding them.
2. Privacy Safeguards
- Do not leave your laptop/computer screen unattended. Lock screen or logoff your work session.
- Do not share a laptop/computer used for work with family members and/or friends.
- Do not use your personal email as a means to transfer records containing personal or confidential information for work purposes.
- When using video conferencing:
- Users must get permission to record a video conference from everyone on the call. The intention of such recordings should be for note-taking only. If recording for other purposes all attendees should be notified about that purpose and give their permission for that recording.
- Personal or sensitive business information should not be discussed in public places or spaces that may include other members of your household.
- Any visible personal or confidential data must be removed from camera view.
- Cameras and microphones should be turned off when not in use.
- Encrypt any electronic device that you use to store TRU personal or confidential business information. This includes, but is not limited to, home computers, USB flash sticks, and laptops. Contact the IT Service desk if you need assistance.
- Securely remove all TRU information from a personal computer once it is no longer needed.
3. Data Breach
4. Information Security Guidelines
- Normally, when connecting to TRU resources outside the office, use a VPN connection, BUT at this time of uncertainty due to COVID-19, employees are asked NOT to use the VPN for accessing email until further notice.
- Do not accept software updates that are triggered from a website or email, such as Java or Adobe Flash.
- Store your electronic device(s) in a secure location when transporting or travelling (e.g. trunk of a car).
- If using a home computer, ensure that your anti-virus/malware detection software is up-to-date.
- Avoid using public charging stations (i.e. where a charging dock or cable is already provided), such as on a ferry or in an airport, as these are not considered safe for use, and may infect your device with a virus or malware.
5. Never Open Unexpected Attachments – Be Careful What You Click
Many attempted phishing and ransomware attacks appear in your inbox looking like an email from a person or service that you trust. If it looks unusual, feels unexpected, has any typos, or it just seems “odd”, then do not click any of the links.
One way to verify the link before you click it is to hover over a hyperlink in your inbox, without clicking. When you hover over a hyperlink, you’ll see the target URL in the lower-left corner of your browser or in a small pop-up in your email. Forward any unusual or suspicious email to firstname.lastname@example.org.
Recently, TRU has seen many malicious attempts that use COVID-19 subject matter as a means to get people to act. There have been attachments and links that claim to be from medical services indicating people may have come in contact with someone known to be infected with COVID-19. Be extra vigilant concerning these types of email messages and forward them to email@example.com.