Privacy & Information Security - Wherever You Work
Nearly every UBC faculty and staff member has access to confidential information. As the loss or disclosure of this information could be very harmful, you need to know how to protect it no matter where you are working.
Thanks to significant advancements in mobile technologies, more faculty and staff are working remotely than ever before. While this is a convenient arrangement, it can cause concern when users are accessing research, financial or personal information. This type of data is at a higher risk of being compromised, corrupted, or lost when accessed remotely.
As the University increases the support for a hybrid working environment (remotely, and in the office) – it is necessary to review some key privacy and information security reminders for all UBC employees. Security and privacy threats are pervasive, and the impact of a breach can be massive – for example, the financial impact of fines and lawsuits, reputational damage to UBC, loss of research, and of course potential harm to affected individuals.
Security Checks When Working in the Office
All Devices used for University Business—no matter whether they are owned by the University, by the User, or by a third party—must be protected from theft or unauthorized access. This is clearly mandated in Information Security Standard U7
- Physical security must be in place. For their protection, unattended Devices must be located in a room or other enclosed area that is locked or otherwise access-controlled; or a locked cabinet or other fixed container such as a locked server cabinet or cage.
- When away from your desk and while commuting, don’t leave your personal devices unattended.
- Always lock your devices when not in use: When you are not working on your mobile device, always ensure the screen is locked.
- Familiarize yourself with the other staff in your office and on the floor of the building that your office occupies. Introduce yourself to colleagues and frequent visitors. Kindly ask for UBC identification from any individuals that you don’t recognize.
Security Checks When Working Remotely
When working remotely, it is easy to forget how vulnerable the personal information on your devices can be. Here are a few tips to stay secure when working away from the UBC Network:
- Don’t trust the Wi-Fi: Stay alert when accessing personal information via public Wi-Fi networks, such as those in airports or coffee shops. If a ‘certificate error’ shows up when trying to visit a website or if you feel unsure about the safety of the network, do not use the connection.
- Never leave your device unattended: Thieves love to look for an easy grab to steal mobile devices; don’t give them the opportunity.
- Always lock your devices when not in use: When you are not working on your mobile device, always ensure the screen is locked.
- If you need to enable remote access to UBC systems, contact IT support staff to help configure access as specified in the UBC Information Security Standards.
- Do not open attachments that you weren't expecting, especially if they require a password to open. Contact the sender either by phone, or by sending them a separate email to a known email address (do not reply to the email you received) to confirm legitimacy.
- Do not click on links in messages. Always type the website address into your browser.
- If in doubt, forward the email as an attachment to security@ubc.ca
- If you think you have clicked on a potentially malicious link, contact security@ubc.ca immediately and reset your CWL password.
- Do not encourage users to click on links in messages by building them into workflows!
- Keep your passphrases and passwords secure by making each password strong and using multi-factor authentication whenever possible. It is recommended you use a password safe and/or password manager. Where possible, use a minimum 16 character passphrase.
- Get encrypted: If an encrypted device gets misplaced or stolen, the information remains scrambled until your password unlocks it. In most cases, encryption means that sensitive data remains secure even in the event of loss or theft.
- REPORT! REPORT! REPORT! Report information security incidents promptly to security@ubc.ca.
Go Further...
- Complete the full Fundamentals training to learn how to protect yourself and others
- Information Security Standard #3: Transmission and Sharing of UBC Electronic Information
- Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems [PDF]
- Stream a privacy and information security workshop