The following is a list of Enterprise Technology & Standards Security Standards for teleworking/remote working provided for employees and supervisors to review when considering a teleworking proposal or working remotely. If an employee is submitting a teleworking proposal or working remotely they will need to review this information, then sign, along with their supervisor, acknowledging their comprehension and responsibility to adhere to these recommendations.
Please read the following procedures to ensure you understand the University of New Hampshire’s cybersecurity
standards, then sign to indicate that you have read, understand and will adhere to these best practices.
Once completed, the signed copy of the standards agreement (statements 1-15 below) along with the workplace flexibility proposal is submitted to the designated recipients.
ET& S Security Standards form for Teleworking/Remote Working:
- I will follow good cybersecurity practices as outlined here.
- I will use University-issued equipment whenever possible (i.e. University laptops).
- It is my responsibility to ensure that the equipment I use for teleworking meets all ET&S security requirements to include:
- Configure all equipment in accordance with the UNH Computer Prep.
- Encrypt all media (i.e. internal hard drives, external hard drives, flash drives).
- Enable all security features on equipment (i.e. passwords, screen locks, remote wipe).
- Enable all automatic operating system, application security and malware protection updates
- If I am unable to accomplish these security measures independently, ET&S can assist me. (Visit ET&S Desktop Management or call 862-4242). Customary service fees apply.
- I will not share University-issued equipment (i.e. with other family members).
- I will protect equipment from theft when not in use.
- I will protect all printed material from unauthorized access.
- I will log into the UNH VPN (Pulse Secure) prior to logging into University systems remotely.
- I will store all University information on University servers whenever possible. If not possible, temporary storage of non-restricted data on password protected and encrypted mobile devices (i.e. laptop, jump drive) are permissible with prior supervisor approval. Storage of restricted data on computers, external media and mobile devices must be approved in advance by ET&S Cybersecurity & Networking to ensure appropriate protections will be implemented.
- I will not use public computers to log into University systems that contain restricted information (i.e. Banner) or access these resources over public networks, and will not use passwords used for restricted environments on public machines or for other purposes.
- I will familiarize myself with phishing and vulnerability alerts provided by ET&S Cybersecurity & Networking and obtain training from CS&N if unclear about these standards.
- I will review the UNH Technology & Cybersecurity Policy information at: https://www.unh.edu/it/cybersecurity-networking/cybersecurity-policies-standards-and-procedures
- I will report all suspected compromises of computers or applications, including suspected breaches, immediately by calling 862-4242.
- I will review Cybersecurity & Networking training materials and this policy at least annually.
- My supervisor and I will verify my equipment’s configuration is secure to current ET&S cybersecurity standards at least annually.
Additional UNH Information Technology resources for teleworking or working from Remote Sites
- Email: UNH Exchange email is accessed using MS Outlook or through the Web using a web browser (i.e. Internet Explorer or Firefox). More information on MS Outlook is available on UNH IT's website for Exchange configuration.
- Computer Security: The UNH Virtual Private Network - Pulse Secure (VPN) is needed to access information in several systems from a remote site. The VPN should be used for all remote access to the university because it protects the communication between your computer and the campus.
- Checking Office Voice Mail
- Forwarding Your Office Phone
- Set up Zoom account
- CyberSecurity Updates (i.e. phishing examples and update alerts)