Remote Work

To minimize risks related to information security, employees working remotely should take all precautions to ensure that they access and manage university information securely, from a secure location, and using secured equipment. Employees working at alternate locations are expected to comply with all information security policies and standards.

Secure Equipment

  • Individuals working remotely should ensure the equipment they are using is properly configured, patched, free of viruses and malware, and reasonably safeguarded from them.
  • When possible, individuals should use VCU-issued, managed, and encrypted computers to conduct university business, especially when they routinely work with sensitive information.

    A list of recommended computers and accessories for hybrid and fully remote work has been created. Please consult with your local computer support technician to ensure model availability and applicable discount pricing is applied. 
  • University-issued computers: Please ensure that the computers are configured according to applicable Information Technology Policies, Standards, Baselines, and Guidelines.
    • All university-issued computers (desktops and laptops) used for remote work must be encrypted. IT departments managing computers must:
      • Deploy only encrypted remote-work computers in the future (i.e., net-new).
      • Remediate and encrypt any unencrypted remote-work computers by 1/1/2022.
      • If you cannot encrypt the remote-work computer by 1/1/2022, submit an Information Security Exception Request Form.
    • All university-issued computers used for remote work and handling sensitive information should have advanced endpoint detection and response software installed (e.g., Crowdstrike). If you need assistance installing Crowdstrike, please contact the ISO at infosec@vcu.edu.
  • Personal computers: The use of personal computers for work purposes is discouraged. If you do use personal computers for work purposes, please refer to the general computer security guidance for tips and tricks on keeping them safe.

Secure Workspace

  • A secured remote workspace should be established for remote work; such workspace should not be accessible by the general public. 
  • Employees should ensure their home WIFI is password protected. We do NOT recommend using public WIFI (e.g., Coffee shops or restaurants) to access sensitive work information. 
  • Lock your computer whenever you leave your workspace. Locking your computer can be used to protect it from unauthorized access. You can use the following keyboard shortcuts to lock your computer:
    • Windows 10: press “Windows Key  + L.” 
    • macOS: press “Ctrl + ⌘ + Q”
  • Paper documents and portable electronic storage media (e.g., USB drives) containing sensitive university information should be stored securely and locked away when the remote workspace is not occupied.
  • When sensitive university information needs to be disposed of, secure removal, such as shredding and physical destruction of storage media (e.g., USB drive, CD/DVD), is required. Please consult with the VCU Data Handling and Storage Standard and your local IT support unit for more information.

Secure Access

  • Sensitive data should not be included in electronic messages, such as email, unless some form of encryption is being used. To ensure an encrypted transmission of messages in email, an employee can add the word “secure” (without quotes) to the subject line of the email message sent from your VCU-issued Google email (Gmail) account.
  • All remote access involving data stored on the university network requires encryption. The university will provide an encryption mechanism, such as a VPN, appropriate for the level of access and the data involved.

Secure File Management

  • University-issued and encrypted computers should be used for work-related purposes. While limited personal use may be permitted, these computers should not be used by anyone other than the employee who is assigned the computer. 
  • Sensitive university data must not be stored on the employee’s personal computer; this may include attachments containing sensitive university information from an email. University-issued and encrypted computers configured and maintained by university IT personnel according to applicable standards and baselines should be used to conduct university business, especially any work involving sensitive university information.
  • Employees should practice using university-provided information systems (such as email systems, computers, VCU-provided file share, Google Drive, etc.) to collect, store, process, and otherwise handle university information. For guidance on how to store and handle university information securely, please visit the VCU Data Management System.

Software

Technology Services provides a software suite that enables remote work and collaboration while employees work off-campus.

Duo two-factor authentication

VCU uses two-factor authentication via Duo to provide an extra layer of security. Duo is required to access these resources.

Get started with Duo

General Software

Resource Description
Avaya IX Workplace (phone) Forward calls for your VCU phone number to your computer or cell phone. 
Email Use Google's powerful Gmail software to receive email from your desktop or mobile device.
Google Chrome Create profiles to maintain separate profiles between personal and work for bookmarks and saved passwords.
Google Drive Access, organize, collaborate, and share all your files, including sensitive data, from any device, anywhere.

Categorized software

Resource Description Category
App2Go Remotely accessible applications such as R, SPSS, etc. Productivity
Confluence Wiki Provides a platform to share information with your team on the web easily. Collaboration
DocuSign  Electronically receive, complete, and sign documents securely with automated workflow. Collaboration
Filelocker Conveniently and securely share large files with other people on and off campus. File transfer
Google Chat 1:1 chat or a dedicated group workspace Chat makes it easy to collaborate with your team in an organized way. Collaboration
Google Meet Host video calls using a computer or mobile device without any particular account. Calls can now include up to 250 participants! Collaboration
ImageNow A document imaging and workflow management tool used for efficiently capturing, organizing, and managing documents. Collaboration
Zoom Send and receive video and audio and share and annotate computer content in conferences with up to 300 participants.  Collaboration

 

Remote Access 

For certain types of work, applications, or services only accessible on-campus, individuals may require a VCU-issued and managed computer or the VCU Virtual Private Network (VPN) software on a personal computer. VCU-issued computers should be used to conduct VCU business. In addition to standardized security tools, these computers are equipped with an always-on remote access tool called ZScaler, which provides VCU employees with constant and consistent access to internal university resources over the Internet, regardless of the employee’s physical location. Details on remote access solutions are provided below.

Remote Access using VCU-Issued Computer

VCU-issued computers are equipped with the ZScaler remote access agent. They will provide you with location-agnostic, continuous, and consistent access to any university IT systems you can access. In addition to correct credentials and authorization, access to some high-sensitivity systems may require using a VCU-issued computer with the installed ZScaler remote access agent. With a new computer, you must log into the ZScaler agent once. Once that initial login is complete, no further login is needed in the future, and the only thing you need to do is to turn on your computer, connect to the Internet, and enter your username and password, just as if you were in the office.

The VCU ZScaler remote access agent is only available on VCU-issued and managed Windows and Mac computers. It is not available for installation on personal computers.

Remote Access using VPN

While VCU-issued devices can use the ZScaler remote access agent to seamlessly access university IT resources from a university-issued computer, the traditional VPN client can also access limited university resources from personally owned devices or when ZScaler access is unavailable. Utilizing the VPN allows users to appear to be logging in from within VCU's network. Two-factor authentication, Duo, is required to use the virtual private network (VPN). Currently, VPN sessions will time out after 48 hours, at which point you will need to reinstate the connection.

A VPN connection is not required to access tools such as Zoom, Kaltura, and Google G Suite (Gmail, Docs, Drive, etc.) or submit or manage tickets in Cherwell. However, we would like to reserve the VPN service only for people accessing applications that require it.

RamsVPN software and general instructions

Software That Requires VPN

Resources Description Category
File share Internal file storage. Request access to file share. Collaboration, Storage
Remote Desktop Remote access to internal Windows systems. Request access to remote desktop. Remote access

 

Have home network issues?

Your home network may not be as fast as what you were able to access at work. To maximize the available resources, follow the steps detailed in Technology Services' home network troubleshooting guide.

Training and Resources

The resources from Linkedin Learning listed below may be helpful for employees learning to work remotely. Please log in to Talent@VCU before clicking the links below.