IT Security Guidance for Remote Access

University employees have the ability, in many cases, to access the University’s information systems from computing devices and locations other than their regular workspace and outside of the University’s network.

Remote access puts systems at higher risk for attacks and unauthorized access because if the system is accessible to employees/faculty and students from outside of the University’s network, it is also accessible to hackers and criminals. This translates to an increased likelihood that University information could be impacted from a confidentiality, integrity, or availability perspective. Additional precautions should be taken by employees when working remotely.

Special Guidance for Remote Work and COVID-19

COVID-19 Security Resource Library

Security Measures

If you access University information systems remotely from a non-SF State device, the SF State Information Security Office encourages you to consider the following:

  • Use anti-virus/anti-malware software and configure it to automatically update, this includes for your mobile device.
  • Configure your operating system and applications to automatically apply updates (e.g., Microsoft updates or Mac updates.)
  • Don’t use the “remember my password” feature when accessing University information on a shared device.

Follow these security tips when using SF State devices:

  • Don’t share or re-use passwords used to access University information and systems.
  • Protect passwords used to access University information, and consider using a password manager. Password Safe is free and available in the SF State Software Center for Windows Users at https://its.sfsu.edu/tags/softwarecenter
  • Use encryption whenever possible when storing University information on portable devices. 7-Zip is free and available in the SF State Software Center for Windows Users at https://its.sfsu.edu/tags/softwarecenter
  • Use anti-virus/anti-malware software to scan portable storage devices, e.g., USB drives or external hard drives when you first plug them in.
  • You should not consider your online activity to be private when using public Wi-Fi networks. Use VPN software to protect your communications when you connect to public Wi-Fi networks.
  • Use eduroam to connect to Wi-Fi if visiting participating campuses and institutions worldwide. Connect using your SF State credentials.
  • If a device containing University information is lost, stolen, or compromised report the incident to the appropriate delegated authority.
  • Email Security – Do not send Level 1 information (confidential data) in an email message and be on alert for phishing scams. Report any suspicious emails using the PhishMe reporter tool for Outlook, Outlook Web Access (OWA), and mobile Outlook.