Remote Work
To minimize risks related to information security, employees working remotely should take all precautions to ensure that they access and manage university information securely, from a secure location, and using secured equipment. Employees working at alternate locations are expected to comply with all information security policies and standards.
Secure Equipment
- Individuals working remotely should ensure the equipment they are using is properly configured, patched, free of viruses and malware, and reasonably safeguarded from them.
- Individuals should use VCU-issued, managed, and encrypted computers to conduct university business, especially when they routinely work with sensitive information. A list of recommended computers and accessories for hybrid and fully remote work has been created. Please consult with your local computer support technician to ensure model availability and applicable discount pricing is applied.
- Please ensure that university-issued computers are configured according to applicable Information Technology Policies, Standards, Baselines, and Guidelines.
- All university-issued computers (desktops and laptops) used for remote work must be encrypted. IT departments managing computers must only deploy only encrypted remote-work computers.
- All university-issued computers used for remote work and handling sensitive information should have advanced endpoint detection and response software installed (e.g., Crowdstrike). If you need assistance installing Crowdstrike, please contact the Information Security Office at infosec@vcu.edu.
Secure Workspace
- A secure remote workspace should be established for remote work; such workspace should not be accessible by the general public. See the Physical Security Standard for additional information.
- Employees should ensure their home WIFI is password protected. Using public WiFi (e.g., Coffee shops or restaurants) to access sensitive work information is NOT recommended.
- Lock your computer whenever you leave your workspace. Locking your computer can be used to protect it from unauthorized access. You can use the following keyboard shortcuts to lock your computer:
- Windows 10: press “Windows Key + L.”
- macOS: press “Ctrl + ⌘ + Q”
- Paper documents and portable electronic storage media (e.g., USB drive, CD/DVD) containing sensitive university information should be stored securely and locked away when the remote workspace is not occupied.
- When disposing of sensitive university information, secure removal (such as shredding and physical destruction of storage media) is required. See the VCU Data Handling and Storage Standard and your local IT support unit for more information.
Secure Access
- Sensitive data should NOT be included in electronic messages, such as email, unless some form of encryption is being used. To ensure an encrypted transmission of messages in email, an employee can add the word “secure” (without quotes) to the subject line of the email message sent from your VCU-issued Gmail account.
- All remote access involving data stored on the university network requires encryption. The university will provide an encryption mechanism, such as a VPN, appropriate for the level of access and the data involved.
- Many VCU software systems require "two-factor authentication" through Duo.
Secure File Management
- University-issued and encrypted computers should be used for work-related purposes. These computers should NOT be used by anyone other than the employee who is assigned the computer.
- Sensitive university data must NOT be stored on the employee’s personal computer; this may include attachments containing sensitive university information from an email. University-issued and encrypted computers configured and maintained by university IT personnel according to applicable standards and baselines should be used to conduct university business, especially any work involving sensitive university information.
- Employees should practice using university-provided information systems (such as email systems, computers, VCU-provided file sharing service(s), Google Drive, etc.) to collect, store, process, and otherwise handle university information. For guidance on how to store and handle university information securely, please visit the VCU Data Management System.
Software
VCU Technology Services provides a software suite that enables remote work and collaboration while employees work off-campus.
General Software
| Resource | Description |
|---|---|
| Avaya Workplace (Phone) | Forward calls for your VCU phone number to your computer or cell phone. |
| Gmail (Email) | Use Google's powerful Gmail software to receive email from your desktop or mobile device. |
| Google Chrome | Create and maintain profiles across devices for bookmarks and saved passwords. |
| Google Drive | Access, organize, collaborate, and safely share files (including sensitive data) from any device, anywhere. |
Categorized Software
| Resource | Description | Category |
|---|---|---|
| App2Go | Remotely accessible applications such as R, SPSS, etc. | Productivity |
| Confluence Wiki | Provides a platform to share information with your team on the web easily. | Collaboration |
| DocuSign | Electronically receive, complete, and sign documents securely with automated workflow. | Collaboration |
| Filelocker | Conveniently and securely share large files with other people on and off campus. | File transfer |
| Google Chat | Chat with colleagues one on one or in a group setting, including options to establish a "space" for ongoing group conversations. | Collaboration |
| ImageNow | A document imaging and workflow management tool used for efficiently capturing, organizing, and managing documents. | Collaboration |
| Zoom | Send and receive video and audio, plus share and annotate computer content in conferences with up to 300 participants. | Collaboration |
Remote Access
For certain types of work, applications, or services only accessible on-campus, individuals will require a VCU-issued and managed computer. VCU-issued computers should always be used to conduct VCU business. In addition to standardized security tools, these computers are equipped with an always-on remote access tool called ZScaler, which provides VCU employees with constant and consistent access to internal university resources over the Internet, regardless of the employee’s physical location.
ZScaler provides users with location-agnostic, continuous, and consistent access to any university IT systems you can access. In addition to correct credentials and authorization, access to some high-sensitivity systems may require using a VCU-issued computer with the installed ZScaler remote access agent.
With a new computer, you must log into the ZScaler agent once. Once that initial login is complete, no further login is needed in the future. Simply turn on your computer, connect to the Internet, and enter your username and password.
Note: Your home network may not be as fast as what you are able to access from an on-campus location. To maximize the available resources, follow the steps detailed in Technology Services' home network troubleshooting guide.
Training and Resources
VCU provides asynchronous online learning resources to support employees in working effectively in a remote or hybrid environment. Please log in to Talent@VCU before accessing the links below.
- Remote working for employees
- Remote working for managers
- The VCU core competencies curriculum helps develop foundational workplace skills that can be especially helpful in a remote work environment.