Remote Work

Remote Work

UCCS uses the best technology to protect data and secure information on campus. Working, teaching, and learning away from campus poses risks to securing information.  However, when working remotely (also known as telecommuting or teleworking) can help keep the University's operations running from afar. Though potentially of great benefit to your department's operations, it's essential that all remote work be performed in a secure computing environment. It is not only the IT teams’ responsibility but yours as well to ensure the security of data and information. Because, by any chance, if confidential information is leaked, it can lead to financial, legal, and reputational risk for you and the University. 

We recommend that the campus community follow these best practices when engaging in activities remotely to help reduce the chance of the data or secure information you handle be compromised. 

This Website was developed to provide information and tips to assist the campus community in the safe practices and where to find information when working remotely.  The key areas that will be covered are

Technical Safeguards (Technology Tips)

University employees should be especially vigilant regarding the security of information and devices while working remotely. The best place to start is OIT’s Information Security Office Getting Set-up for Working Remotely website or  Work from Home, Securely website.  

Follow these below-mentioned technology tips when working remotely to avoid such a disaster. 

1. Protect your devices 

Make sure you work with UCCS’ OIT to ensure that your device (computer, Chromebook, iPad, Surface, etc.) is properly protected with antivirus and that your operating system is up to date.  

Using an antivirus and having an up-to-date operating system is a worthwhile idea for employees working from home to help protect their sensitive data. Installing reliable antivirus software will provide security against several threats, including Ransomware Attacks, Malware, Spyware, Trojans, Phishing Attacks, Rootkits, and other Cyber Threats. 

It also prevents unwanted and malicious actions that can affect your device’s performance and important data. An antivirus detects and recognizes the virus and efficiently removes or blocks it from your system. An antivirus acts as a security guard for your system that fends off most of the malicious software and attacks. 

2. Protect your information 

When exchanging regulated, sensitive or personal information over email (e.g. birth certificates, applications to open accounts, or secure loans), make sure to protect your documents and information with encryption through Microsoft Office or LionShare (https://oit.uccs.edu/services/file-transfer-and-storage/lionshare). 

You should only use your UCCS email when conducting university business.  

3. Configure Wi-Fi Encryption 

The first step for working remotely is to utilize encrypted Wi-Fi and protect it from prying eyes. An attacker who connects to your Wi-Fi can intercept all your online activity from your browsing history to all the official documents you email to anyone who is a member of the campus community or those who are outside the campus community (those who have email addresses that do not end in uccs.edu). 

Please note that some protection standards might be outdated, so the best way to protect your network using the WPA2 standards. 

Along with encryption, your Wi-Fi connection should also be password protected. Your password should be strong and should be changed from the vendor default. UCCS IT Security recommends using 12 or more characters for your Wi-Fi password. 

4. Change Your Router Password Often 

If you have not changed your router password for long, now is the right time to do so. Not changing your password for long makes it easier for people to guess and gain access to your network. Also, if you have not changed your router Administrator password, you should. UCCS IT Security recommends using 12 or more characters for your Router Administrator password. 

5. Two-Factor Authentication 

UCCS uses two-factor authentication to add an extra layer of security protection. UCCS uses conditional multifactor authentication (MFA) applied to Office365, you will only be promoted upon certain conditions. What is MFA; the user needs to enter their credentials and then Microsoft will verify it is the correct user by SMS or the Microsoft Authenticator application for mobile devices.   

6. Don’t Mix Personal and Professional Life 

Please do not use your work laptop for shopping online or accessing your Facebook, Instagram, or other social media accounts. Mixing personal and work items can cause a mistake, which can prove to be costly. For instance, you can send a confidential official document to someone on your Facebook. 

7. Lock Your Device – Lock before you walk 

Someone can look at your work even if you’re taking a bathroom break. Thus, it is essential to ensure that your screen is locked whenever you leave your device unattended. There are low chances that this will happen with your family members in the house, but you cannot take any chances. 

Working from home means that outsiders have minimal access to your room, but it is always good to lock your device. Even your child or another member of the household can delete a critical file by mistake. 

8. Spot Scams / Phishing 

You can receive spam or Phishing emails aimed at tricking you into doing something that compromises the security of your data. There has been an uptick in Phishing attacks that take advantage of the COVID-19 pandemic. Be wary of phishing attacks that pretend to be from the UCCS OIT department and of scams that try to trick you into making donations to fraudulent organizations or causes or revealing sensitive information. Protect yourself and your information by using caution when opening emails and attachments. When in doubt, throw it out. 

For instance, attackers might disguise themselves as someone from the UCCS OIT department and send an email where the user is required to change his or her password, wherein they can get access to it. Verify such things by contacting the IT Security team at security@uccs.edu ; reporting such things will also protect other employees who are less vigilant. 

9. Practice safe video conferencing 

Use UCCS / CU -approved and licensed enterprise video conferencing tools, such as Zoom or Microsoft Teams which offer protections for your security and privacy and follow suggested best security practices. Be aware of others in your household when using such tools, including digital assistants, to protect confidential or proprietary information. In addition, remember to lock your screen when not using your computer. 

Beware of Zoom bombing - this amazing video conferencing tool has also made online trolling attacks easier. Zoom bombing means crashing your video conference by broadcasting vulgar content or pornography and bombarding public video calls. To prevent Zoom bombing, avoid posting meeting links and meeting IDs on public forums. There are some easy ways to eliminate the chances of crashing your digital meeting by using password protection and limiting screen sharing abilities. 

When you are using this video conferencing tool, make sure the meeting is private by controlling guest access from a waiting room and keeping your Zoom meetings private. Zoom also has built-in tools that give the host the freedom to control what each participant can do in their meeting. It will protect your Zoom calls from cybercrimes and outside harassment. 

10. Standard Storage Location 

Storing your data in a centralized storage location will make it easier for remote workers to control ownership, access, availability, and security issues.  All the UCCS Campus Community should store their important files and data in Microsoft OneDrive to save files, folders, and important media. OIT Security also, highly, suggests using Microsoft Teams for collaboration and communication. Using these cloud-based tools is the best way to ensure sensitive data is stored and protected.  In addition, employees can keep their data protected and access files from different types of devices. UCCS OIT does not recommend saving sensitive data on your local Hard Drive. If the Hard Drive fails it is much more difficult to recover the data, sometimes impossible. 

Reminder - Do not store university records or sensitive data on personal jump drives, flash drives, external hard drives, or any other drive or device that you have at home. 

11. Virtual Private Network (VPN) 

It’s always good to be extra cautious while accessing official data. To add an additional level of Security, UCCS OIT highly recommends utilizing our VPN. 

To help prevent attackers meaning to harm you and compromising your data, it is good to use a VPN. Using a VPN encrypts your data automatically (regardless of your network settings), and outsiders will not be able to read it. To access UCCS VPN navigate to https://oit.uccs.edu/services/network-and-internet/vpn   

Back to top

 

Physical Safeguards

Physical safeguards are just as vital as administrative and technical safeguards since they ensure that data is physically safeguarded. 

1. Protect printed records 

  • Paper records containing confidential or controlled information must be protected. 
  • Refrain from printing or having printed records/documents at home unless absolutely necessary. If you must have printed university records at home, follow the guidelines below for managing those securely. 
  • If you share a printer with someone in your home, remove printouts containing confidential or controlled information immediately. 
  • If the paper is the university master record, you must discuss disposal with your supervisor or the UCCS Registrar’s Office before you destroy or shred it. 
  • Retain paper documents in a secure place until you can: 
  • Return to the office and place in a secure shred bin. 
  • Shred on your personal shredder, provided this is cleared by the supervisor. 
  • Paper records containing confidential or controlled information must be removed from the desk and protected when the desk is unoccupied or at the end of your workday. 
  • Do not throw paper records that contain Personally Identifiable Information (PII), Protected Health Information (PHI) controlled or confidential data in your trash or recycle bin. 
  • Whiteboards containing confidential or controlled information should be erased or protected from view or access by others, even at home. 

2. Protect your conversations 

  • Use a headset or earbuds so others in your home or remote work location cannot overhear others on the conversation. 
  • Try to find a place where others in your house or location cannot overhear you when you are discussing confidential or controlled information (or anything, for that matter: try to be courteous). 
  • Do not discuss confidential or controlled information where it can be heard by baby monitors, virtual assistants such as Alexa, Google, and Cortana, or other recording devices in your home.

3. Physical security 

  • Lock the doors and windows in your home. 
  • Use privacy screens for your computer to protect your information. 
  • Make certain no one can look over your shoulder or through a door or window at confidential or controlled information on your computer or device. 

Back to top

Human Resources

For specific information related to Supervisor Guidelines for remote work – visit the UCCS Supervisor Guidelines for Remote Work HR Website.

From flexibility to productivity, there’s a wide range of positive outcomes that can be found in remote work: 

Talent Acquisition—It’s not always easy to find top-rated talent, especially for unique roles. However, many companies are finding that openness to a more relaxed and flexible work-from-anywhere schedule can attract highly talented and qualified employees who might look elsewhere, especially Millennials. 

Higher Focus—While employers might assume that working remotely might cause employees to be less focused, many are finding that removing daily in-office distractions that can occur from shared workspaces to meetings to exhausting commutes can create more focus and attention on work tasks.  

Innovation—When team members are distributed in various locations that lend to their specific needs and likings, a unique spirit of creativity and innovative thinking can emerge. Office environments that lack in bright aesthetics or design can sometimes quench creative ideas from being birthed. 

Employee Retention—Employers who have dedicated and highly-qualified employees don’t want to lose them. When life changes occur that can expand the need for flexibility in an employee’s life, they can easily be drawn to other companies that might offer the schedule and environment they need or desire. One-way employers are finding they can retain quality talent is by allowing a remote work policy. Not only can it show a dedicated employee that they are trusted, but it will inspire them to want to produce great work results. 

Back to top

 

Student Information (FERPA)

Education Records are those records, files, documents, and other materials which contain information directly related to a student; and are maintained by an educational agency or institution or by a person acting for such agency or institution.  Educational records are not dependent upon the location where they are created, so student records created while working remotely are subject to the Family Educational Rights and Privacy Act (FERPA).    Department of Education/FERPA Guidance on Remote Work and Privacy - best practices on virtual access of student records, and how to ensure that institutions continue to adhere to FERPA under changing work environments. The U.S. Education Department's Student Privacy Policy Office (SPPO) hosted a FERPA & Virtual Learning Webinar  to review some frequently asked questions on FERPA and implications for distance learning due to universities offering more opportunities for educators and the increased offering of distance education.  SPPO also shared updated guidance and available resources on virtual learning and FERPA; the department also highlights its security best practices.

The UCCS Registrar is the institutional official for FERPA matters for additional information related to FERPA please visit the Registrar's Website at https://registrar.uccs.edu/ferpa-the-family-educational-rights-and-privacy-act

For assistance with classroom or teaching instruction please contact the UCCS Faculty Resource Center (FRC) at  frc@uccs.edu  The FRC has also developed a Remote Teaching Team with many helpful resources -  Remote Teaching | Faculty Resource Center (uccs.edu)

Back to top

 

 

Telehealth (HIPAA)

For many providers, the COVID-19 pandemic has accelerated the use of telehealth to serve patients and families.  With the federal policy changes it has made it easier to care for patients who may not be able to make it into the clinic.  In addition to all the other helpful tips on this webpage, below are some tips to ensure a successful video visit: 

Determine if the patient is a good telehealth candidate 

It’s up to each healthcare provider to gather enough information to make appropriate medical decisions. Refer the client/patient to in-person care if you determine a telehealth visit is not adequate to provide accurate support and care for the client/patient. 

Here are some things to consider: 

  • Is the client/patient in a private location? Do not provide telehealth services when a client/patient is driving or in a public location. 
  • Does the client/patient have access to the internet and a computer or mobile device? 
  • Do you have the correct licensure for the state in which the client/patient is located?  

Prep your virtual exam room/office for the visit 

Take a few steps to prepare your environment for an optimal video experience: 

  • Check for clutter and any personal health information visible in the camera frame. Consider activating the virtual background if necessary. 
  • Check your self-view and make any needed lighting adjustments so your face can be seen clearly. 
  • Test your device for sound and video. Most devices have built-in microphones and speakers, but you may have to turn them on before use. Using headphones may result in better sound quality. 
  • Be aware of the position of your devices. If you’re using two screens, ensure they are positioned optimally so you can look back at the patient frequently when documenting. 
  • Shut your door, if possible, and hang a sign indicating a video session is in progress. 
  • Once the visit begins, be mindful that any typing from charting or notetaking will likely be picked up by the microphone. 

Perform some housekeeping 

Once the session begins, you’ll need to start with a few housekeeping matters: 

  • Verify you are with the correct client/patient by using two patient identifiers such as full name and date of birth. 
  • Obtain consent for the telehealth visit from the client/patient. 
  • Explain to the client/patient that the video visit is not recorded, meets HIPAA requirements, and cannot be posted or forwarded. 

Ensure comfort and privacy 

For both the provider and the client/patient, this visit will certainly “feel” different than a typical encounter. Acknowledge then take some steps to increase comfort: 

  • Your usual techniques to connect with clients/patients can translate well on video.  
  • To help the family client/patient feel more comfortable – particularly if the session/exam will require clothing to be removed or discussion of sensitive information – ask non-essential staff and family members to leave the respective rooms. 
  • If others are in the room, introduce everyone in the location. Ask the client/patient to do so as well for anyone who is in the room but off-camera and in the microphone’s range. 

Double down on communication 

Communication is always important – but doubly so during a video exam. Be engaging and encourage cooperation from the client/patient throughout the session/exam: 

  • Be comfortable giving the client/ patient direction to improve the experience. This could mean asking them to adjust lights; move closer or farther from the camera; remove objects obstructing your view; or speak more loudly. 
  • Let the client/patient know they may hear you typing but this is because you want to accurately document the visit. 
  • Make eye contact with your camera, not the patient’s eyes. 
  • Do not cover your camera or mute your microphone; this could make the client/patient feel you’re not giving them your full attention.   

Back to top

 

Administrative Safeguards

Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect sensitive information /data and to manage the conduct of the universities employees in relation to the protection of that information.  

Relevant University Policies  

CU Administrative Policy Statements  

UCCS Related Policies  

Back to top

Conclusion

Remote work does not put your data at risk if remote workers are educated about the best practices. Remote working requires the employees to be vigilant and aware, and the tips mentioned above are sure to make your remote working experience smoother and more secure. 

Back to top