The Framework for Staff Hybrid Work on the Staff Hybrid Remote Work Program page at case.edu/hr/worklife/staff-hybrid-remote-work-program includes the expectations, requirements, and qualifications for remote and hybrid work, including the following:
Workspace, Technology/Equipment, and Data Security
A department requesting a Hybrid and/or Fully Remote Work arrangement must ensure that the applicable physical space, technology, confidentiality, and data security requirements are met. The supervisor must confirm any security requirements with UTech and the Compliance Office to ensure the off-campus work site and/or networks meet evolving security requirements.
This document provides additional guidance and links to more information about security requirements.
Case Western Reserve University recognizes its crucial role as steward of the information it collects while engaging in its academic and research activities, no matter where those activities are performed. Remote work is work performed outside of the campus workplace, at times on devices or networks not belonging to or secured by the university.
University policies support the university's mission by establishing clear standards for individual conduct, supporting operational efficiency, promoting legal compliance, and mitigating risk. It’s important to remember that university policies apply even when working remotely. University policies may be found here: case.edu/compliance/university-policies
Policies and recommendations specific to computer security requirements are based upon the type (Public, Internal Use Only, Restricted and Restricted-PHI) of information being accessed or used, and are available here: case.edu/utech/departments/information-security/policies/iii-1-information-types-and-sensitivity
Sensitive information can refer to Restricted or Internal Use Only information that isn’t meant to be used or shared beyond the members of a conversation, small workgroup, office, or department. It can also mean intellectual property belonging to an individual.
For IT Help or to Report a Security Incident or Concern
If you receive fraudulent phishing emails: delete them, mark them as spam or phish, or forward them to email@example.com. For more anti-phishing information, definitions, and examples, visit security.case.edu.
Secure Remote Work Guidelines:
- Preferred Technology: University-owned and Managed: The preferred technology for remote work is a university-owned and university-managed computer (laptop or workstation), as it will be running the latest anti-virus software, be configured for best security, and be kept up-to-date and patched automatically by the university. This is especially important for those who work with sensitive and financial information. A university-owned computer is required if processing "Restricted" information. Remember that you have a responsibility to protect the confidentiality of all data that you use and have access to.
- Secure Home/Remote Use and Software:
- University-managed Computer Usage: University computers are intended for business and may not be shared with others, including family members. Be sure to notify the UTech Service Desk if you suspect updates to your university-computer are not being applied, or if you have any other cybersecurity concerns.
- Personal Computer Usage: When using a personally-owned computer, make sure your connection to university resources is secure, and follow best-practices for securing your device by having an active personal firewall running plus up-to-date antivirus software, and by maintaining current computer and software updates/patches. Also utilize the locked screen feature when away from the computer and do not share the computer with other family members.
- Remote Access: Remote access to university resources can be accomplished via the following methods. Note that remote access to private university resources requires DUO multi-factor authentication.
- Secure web interface: Use HTTPS and look for the lock in your browser address bar. For example, you should always see https:// or the lock icon when connecting to https://webmail.case.edu, https://canvas.case.edu, https://hcm.case.edu, etc., and the Case home page to at https://www.case.edu.
- The MyApps secure portal: Go to myapps.case.edu to access published applications or secure virtual "VDI" desktops.
- Secure Virtual Private Network (VPN): Use the university VPN client to establish a secure network connection from off-campus networks. If not installed yet, visit vpnsetup.case.edu
- Secure Networks: Do not use unsecure, public Wi-Fi (such as in restaurants, coffee shops, etc.) unless you are using a secure VPN or the MYAPPS secure portal. Make sure your home router is running a firewall configured for “default deny-all” to block all unrequested internet traffic, and that your Wi-Fi is secured with a strong password (greater than 10 characters, mixed upper and lower case, numeric and symbols) and strong encryption. For the encryption type, use WPA2. There are different types of WPA2, all are fine. Make sure you keep your home router and wi-fi software up to date, even if you are simply using your home computer to check your university email.
- Links: Be very careful when clicking links—even more careful than when working on campus. Be aware of URLs and website addresses when accessing sites on the internet. Do not visit sites you wouldn’t browse during the normal course of your work. We have specific protection mechanisms in place within the university environment to protect against "known bad" sites—those protections don’t extend to your home network. Use more caution when working from home or when connecting to the university network with a personal computer.
- Handling Sensitive Information: Do NOT save sensitive information on a personal computer. Sensitive Information may include personally identifiable information, such as social security numbers, and HIPAA, as well as tax information, student information (except directory information), confidential and privileged information, etc. While it may make it easier to access, it is vulnerable to loss, corruption, cyber-attacks and viruses. Make sure sensitive information is only being stored on approved storage locations. More information about information types and sensitivity may be found here: case.edu/utech/departments/information-security/policies/iii-1-information-types-and-sensitivity
- Keep Devices Secure: Protect remote devices against theft by keeping your doors and windows locked, and devices out of sight. Do not leave a laptop or cell phone in your car overnight. Call the Service Desk immediately if a university device or university data is lost or stolen.
- Using DUO: Use the PUSH feature when using DUO 2-factor for authentication or download and use the codes generated in the smart-phone DUO app in areas not covered by cellular service.
- Remote Teaching And Working: Resources for remote teaching and working, including security advice may be found here: case.edu/utech/resources/remote-work-essentials-checklist
- Cell Phone Security Advice: The university cell phone security guideline may be found here: case.edu/utech/departments/information-security/policies/iii-5b-mobile-device-configuration-standards
- Additional Security Advice: Additional security advice is periodically posted in The Daily at thedaily.case.edu, and posted or linked at security.case.edu