Working from Home or Remotely
Whenever information relating to TRU business is used outside of the office or the classroom, there is an increased risk of loss or compromise. TRU is required by the Freedom of Information and Protection of Privacy Act (FIPPA) to keep all personal information in its custody or under its control safe and secure.
All records relating to TRU business are subject to the access and privacy provisions of FIPPA even if they are created, sent, or received through non-TRU email accounts, or stored on personal devices.
Protecting Personal & Confidential Information
Deans and Managers have a responsibility with regard to safeguarding the privacy and confidentiality of TRU information whether in electronic or paper format.
Deans and Managers should take the necessary measures to ensure their faculty and staff members are aware of the information provided on this webpage, including TRU Information Security Standards and TRU Polices as outlined below to protect TRU information while working from home or remotely. This includes ensuring their faculty and staff members are working on devices (computers, laptops, tablets, phones, etc.) that meet TRU information security requirements.
These polices include but are not limited to:
- Responsible Use of Information Technology Facilities and Services
- Information Classification Standard
- Smart Phone Standards
- Mobile Device Standard
- Confidentiality of Student Information
- Records Retention/Destruction Policy
- Cloud Security Standard
Here are things you can do to protect personal information when working from home or remotely:
1. Physical Records
- Only remove information from the office that is essential to carry-out your job duties.
- If possible, take copies of physical records and leave the originals in the office.
- Store physical records in a locked filing cabinet or desk drawer that you have sole access to.
- Unattended documents on a printer or desk at home could lead to a data breach of personal or confidential business information.
- Upon returning to the office, return records to their original storage place as soon as possible and destroy copies securely by shredding them.
2. Privacy Safeguards
- Do not leave your laptop/computer screen unattended. Lock screen or logoff your work session.
- Do not share a laptop/computer used for work with family members and/or friends.
- Do not use your personal email as a means to transfer records containing personal or confidential information for work purposes.
- When using video conferencing:
- Users must get permission to record a video conference from everyone on the call. The intention of such recordings should be for note-taking only. If recording for other purposes all attendees should be notified about that purpose and give their permission for that recording.
- Personal or sensitive business information should not be discussed in public places or spaces that may include other members of your household.
- Any visible personal or confidential data must be removed from camera view.
- Cameras and microphones should be turned off when not in use.
- Review the Best Practices for Online Meetings and Classes webpage.
- Encrypt any electronic device that you use to store TRU information (personal or confidential business information). This includes, but is not limited to, home computers, USB flash sticks, and laptops. Contact the IT Service desk if you need assistance.
- Securely remove all TRU information from a personal computer once it is no longer needed.
3. Data Breach
If TRU records or personal devices containing TRU information/records are lost or stolen, immediately notify your supervisor and report the loss by email: infosecurity@tru.ca or privacy@tru.ca.
4. Information Security Guidelines
- When connecting to TRU resources outside the office, use a VPN connection. If you are uncertain about how to use the VPN, please contact the IT Service desk for assistance.
- Do not accept software updates that are triggered from a website or email, such as Java or Adobe Flash.
- Store your electronic device(s) in a secure location when transporting or travelling (e.g. trunk of a car).
- If using a home computer, ensure that your anti-virus/malware detection software is up-to-date, and you have applied TRU information security standards to your computer/device.
- Avoid using public charging stations (i.e. where a charging dock or cable is already provided), such as on a ferry or in an airport, as these are not considered safe for use, and may infect your device with a virus or malware.
5. Never Open Unexpected Attachments – Be Careful What You Click
Many attempted phishing and ransomware attacks appear in your inbox looking like an email from a person or service that you trust. If it looks unusual, feels unexpected, has any typos, or it just seems “odd”, then do not click any of the links.
One way to verify the link before you click it is to hover over a hyperlink in your inbox, without clicking. When you hover over a hyperlink, you’ll see the target URL in the lower-left corner of your browser or in a small pop-up in your email. Forward any unusual or suspicious email to infosecurity@tru.ca.
Recently, TRU has seen many malicious attempts that use COVID-19 subject matter as a means to get people to act. There have been attachments and links that claim to be from medical services indicating people may have come in contact with someone known to be infected with COVID-19. Be extra vigilant concerning these types of email messages and forward them to infosecurity@tru.ca.