University Workstation Security Standard for Remote Work

Overview

All workstations used for remote work must adhere to the University’s workstation security standards below.  Only University-managed devices may be used to process, store, or transmit Restricted Data

Category Standard
Physical
  • University-owned workstations may only be used by University employees and for business purposes only
  • Be conscious of your work environment and who may be able to see your screen or hear your calls
Operating System
  • Only supported operating systems may be installed
  • The operating system must be configured for automatic updates, so that patches are applied at least monthly
  • Only install and configure services that are required
  • No workstation should be configured to run as a server of any kind
Applications
  • Only authorized, supported, and properly licensed software can be installed
  • Any application updates and patches should be applied at least monthly
  • When possible, applications should be configured to update automatically
  • File sharing software must not be installed
Authentication
  • Enterprise Active Directory must be used for authentication whenever possible
  • All systems must have a password-protected screensaver configured to launch after a minimum of 15 minutes of inactivity
Malware Protection
  • All systems must use endpoint protection software that is kept up to date.
Network Protection
  • The workstation must use a wired ethernet connection or an encrypted wireless router
  • Public networks must be used with a VPN (GlobalProtect)
  • Ensure the default passwords for private wireless routers have been changed to a strong password
  • A host-based firewall should be installed and configured to block unnecessary inbound ports
  • The workstation should be disconnected from the University’s network when daily remote work is complete
Encryption
  • All laptops must utilize hard disk encryption such as BitLocker or FileVault
  • Removable media used to store high-risk data must be encrypted
Cloud Storage
Data Destruction
  • Any printed copies of high-risk data must be shredded before disposal
  • When no longer needed, hard drives and removable media must be securely sanitized or destroyed and not simply discarded 
Training

 

Request Help Print Article

Related Services / Offerings (1)

Security Awareness and Training (KnowBe4)
SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.