弹性工作制安全指南

随着大学过渡到校园和远程工作的混合工作模式, 重要的是尽量减少对大学和个人信息的任何风险. 本文档概述和整合了安全计算的指导和提示, 通常是从我们已建立的MSU计算策略中提取的.

客户端工作站使用

什么时候我应该使用大学发行的工作站，而不是个人工作站?

We strongly recommend that employees who have a desktop or laptop issued and managed by the 大学 should use that machine for all business and education-related activities, 无论是远程工作还是在校工作. These machines are centrally managed by IT and/or your college’s local technology team and are configured with additional security settings that may 不 be present on a personally owned or personally configured machine.  员工 should avoid sharing their 大学-issued computer with family members or using it for non-work related activities like casual web browsing, 流媒体娱乐, 网上购物, 等. 因为这些活动会增加暴露于恶意软件的风险.

员工 必须 报告错位, 盗窃, or loss of a 大学-issued device (or any device that has been used to store 大学 related information) to their local police station (or 大学 campus police if the loss occurs on campus), 他们的直接主管, 和IT服务台(或你所在学院的当地技术团队)尽快联系. 请在收到出具的警方报告后提供.

We also strongly recommend that use of personally acquired/managed computing devices (including personally managed computers acquired with 大学 grant or startup funds) and public machines (such as a shared library workstation) for work-related duties be limited to:

a. 访问您的大学电子邮件帐户

b. 浏览公共网页/互联网

c. 访问校园应用程序(NEST, Banner等.)和经批准的云服务
(Google Calendar, Google Drive, Canvas, Workday, Zoom等.)和你的NetID

d. 开发教育材料或进行不涉及敏感的研究
大学的数据

You are accountable for following the guidelines below whether using 大学-managed or personal computing devices for work-related purposes.

客户端安全提示

工作站  (e.g. 笔记本电脑 和桌面)

1. 在使用电脑时，是否 由学校管理或自行管理:

a. To minimize risk of data loss or compromise due to hardware failures or security exposures, 避免保留数据 在设备的内部存储(C: drive). 相反，将大学数据存储在MSUFiles文件服务器或Google Drive上. 如果您临时从中央存储位置复制了文件(例如.g. MSUFiles), please delete them from the device’s internal storage when you are finished working with them.

b. 在不积极使用客户端设备时注销它.

c. 显式地 将笔记本电脑设置为休眠/关机模式时，不积极使用(即, do 不 just close the laptop cover) to ensure full Windows Bitlocker or MacOS FileVault encryption protection.

d. 不要把正在运行的笔记本电脑放在私人和安全的工作空间之外无人看管.

e. Perform a full reboot of the client device at least once every few days to ensure that security, 定期更新操作系统和其他应用程序.

2. 当使用 大学-managed电脑:

a. Apply all updates when prompted by the system as they are distributed via the 大学’s device management system.

b. 如果授予本地管理访问异常, 不安装与工作无关的应用程序, 插件, 或者其他软件.

3. 如果使用 个人(非大学管理的)计算机 工作需要:

a. Make sure your computer is kept up-to-date with all operating system and software patches, 每周或更频繁地应用.

b. Do 不 access sensitive data using personal computers that can不 be updated with the latest patches and/or are 不 运行最新支持的操作系统.

c. 始终使用杀毒软件，并检查它是否正在运行和积极更新. If you do 不 have anti-virus software, you can download Sophos Antivirus by logging into the MSU软件存储程序y.

d. 不要在你的设备上存储任何敏感的大学数据.  而是通过Google Drive和/或 MSUFiles (包括共享O:和共享N:驱动器). 

e. Do 不 使用您的NetID密码登录到 你的个人电脑 或任何其他个人网上帐户登录. This can help to protect your NetID account if 你的个人电脑 is compromised by malware or other security issues.

流动装置(e).g. 智能手机、平板电脑)

无论是使用学校发放的还是个人手机/平板电脑，f或保护大学数据以及您自己的数据(例如.e. 联系人列表，日历，照片，文本等.), enable screen-lock on the device using either a PIN or biometric (face or fingerprint recognition) feature.  也, regularly update the device to the latest version of the operating system to ensure patching of any known security vulnerabilities.

避免访问 sensitive data from mobile devices and/or tablets that have 不 been updated to the latest operating system.

数据处理

If there is a need to share files that contain sensitive information with other MSU employees, 不要使用未加密的电子邮件. 而是使用 MSU文件鹰 安全的文件分发系统位于:

 http://msufilehawk.十大博彩推荐排名.edu 

有关如何发送敏感信息的概述，请参见 MSU文件鹰 网站.

另外, 您可以通过将敏感信息移动到加密附件来安全地发送电子邮件, e.g. 使用Microsoft Office文档或adobeacrobat加密功能, 然后通过其他方式交流密码，或者至少通过单独的电子邮件.  这个过程的概述可以在我们的 如何密码保护和加密文件 文档.

始终存储敏感信息 on the MSU-managed central file server known as MSUFiles (including Shared O: and N: drives) 或者使用经过批准的云服务，比如密歇根州立大学的谷歌工作空间(Google Workspace).e. Google Drive). Google Drive may be used to store most work-related 文档s with the exception of highly sensitive information classified as “Private”, such as social security numbers or health information (refer to the 数据分类和使用政策 for full list).  “私人”信息应存储在msu文件中.

远程网络接入

1. Be very cautious when connecting to wireless networks off-campus in public spaces such as restaurants, 机场, 等. 这些公共无线网络通常不使用安全连接 (i.e. 加密)在您的设备和无线接入点之间. This means it is possible for information traveling between your device and the access point to be intercepted and viewed.
2. 确保你已经在家庭无线网络上设置了密码, which will prevent unwanted access to your home or apartment  WiFi network by neighbors or anyone within range of your wireless router’s signal.

VPN:对校内限制访问的应用进行远程访问

To access an application remotely that is restricted to only on-campus use (such as MSUFiles, 呼叫中心软电话, 一些Banner/NEST函数, 以及报告工具(如COGNOS和Tableau)。, 必须先通过VPN业务连接到校园网. You can connect to the campus VPN  by launching the “Cisco AnyConnect” VPN application on your university-managed device and logging in with your NetID and password. You will also need to use DUO multi-factor authentication when logging into the VPN by typing the word “push” into the 2nd password field of the AnyConnect client application.  请参阅以下VPN用户指南了解更多信息:

http://nmz.liuyang1999.com/information-technology/campus-vpn-remote-access-guide/

如果您需要在您的个人电脑上安装VPN客户端软件, please refer to the section in the guide on “Connecting to the VPN with Cisco AnyConnect” and select your operating system.

保护自己免受网络钓鱼

1. 1. 在阅读电子邮件时，要格外警惕可能的网络钓鱼诈骗信息.
   2. Do 不 click links or download files attached to an email that you are 不 expecting or from someone you do 不 recognize. 如果您不确定，请先尝试直接联系发件人.
   3. Move your cursor over a URL/link and check that the resulting link displayed (usually in the bottom bar of your browser or email client) does 不 appear suspicious.
   4. Continue to be aware of “social engineering” attacks such as someone posing as a colleague or manager and asking you (often with a sense of urgency) to provide information or perform uncommon tasks (e.g. “请购买四张礼品卡，寄到这个地址.”)

在哪里可以找到更多有关大学资讯保安政策的资料?

所有与信息安全相关的现行政策, 敏感数据的处理, 及一般使用指引，可浏览大学的政策网页:

http://nmz.liuyang1999.com/policies/category/technology/

The three policies at the above link that are most relevant to flexible or remote working are:

1. 1. 负责任地使用电脑政策
   2. 数据分类和使用政策
   3. Google Drive使用指南