Working Remotely and Securely

 

For those of you working remotely there is a responsibility to protect the state enterprise environment and the state data you access.  We have put together guidelines to help you understand what you need to do.  

When working from home please confirm the following: 

  • The wireless (WiFi) connection you are using is secure.   You can confirm that by going to the  Network and Internet settings and it will display if the connection is Open or Secure.  No state business should be conducted on an Open (non-secure) internet connection. 
     
    secured wifi image

    Ensure you are prompted to enter a password when accessing Wi-Fi to perform remote work.  

    Your internet service should provide guidance on securing your home WiFi.  Additional  information can be found here https://www.us-cert.gov/ncas/tips/ST15-002
  • Your personal computer is up to date on operating system patches and application patches.  Any computer used to access Office 365, or other remote options, must be updated. To check Windows 10 patches enter update in your quick search and select the Check for updates box.

    check for updates image
 
  • If current patches are applied, it will return a message that You’re up to date otherwise it will display the required patches.  Be sure to follow your agency IT procedures to apply patches.

  • You have an antivirus program running on your personal computer and it is performing daily updates.  There are a number of packages available.  Windows Defender Antivirus is embedded with the OS.  Other options include (but not limited to) McAfee, Malwarebytes, Norton, etc. 

  • You dedicate a specific user account or designate a computer that only you will use to ensure state data cannot be shared with other household members.  The password must be complex and the device should be locked when it will be unattended.   

  • Be alert for phishing email and online scams that may use the current crisis to encourage opening suspicious files or links.  Protect your user credentials by not giving them out or entering them in unknown locations.   Continue to practice vigilance and confirm unexpected financial or information transfers. 

  • For more information on identifying Phishing attempts refer to the Phishing Quick Response Guide.  If you believe you have been a victim of a phishing attempt, follow your agency procedures or contact your IT department.

  • You only use remote tools and sharing technologies approved by your agency.  If you are considering another method, check with your agency IT before putting state data in a location or technology such as DropBox.
  • If you are using VPN, disconnect from it when not in use – it’s a shared resource that is limited.