Working From Home Securely
The Canadian Centre for Cyber Security, external link and recent reports from the Communications Security Establishment, external link are highlighting an increase in attacks that prey on pandemic concerns and university researchers. The attacks are designed to take over computers, defraud victims of funds and steal data. To help you stay safe, we’ve gathered cybersecurity tips and helpful hints for maintaining privacy and records as you work from home.
- For file storage, use Google Drive and follow best practices for file sharing—only give individual people as much access they’ll need to complete their part in a project or task. For instance, if someone need only be aware of content, grant them “view only” or “comment” access. Confidential files should never be shared with everyone at Ryerson or have a public setting. When you’re viewing a file, check the Share button for a link icon under the figure of a person.
If there is a link, click the Share button to review who has access and turn off link sharing where necessary.
Alternatively, if your faculty or department has been utilizing Central File and Print Services (CFAPS) to access the S and U drives, you can access your files securely from off-campus. Find more on the Accessing CFAPS Folders page.
- Use Google Meet or Zoom for meetings by web conference. Use Google Hangouts for instant messaging.
- Refrain from using social media platforms to conduct Ryerson business or team communications.
- Limit the use of instant messaging (IM) technology other than Hangouts to conduct Ryerson business. If you must use another IM, please be aware that the technical controls for data protection and retention with these systems are often very limited.
Tips when using IM:
- Treat your IM conversations as though they’re happening in public spaces such as hotel lobbies or local coffee shops—while some level of privacy can be expected, there isn’t a whole lot since intentional or unintentional eavesdropping cannot be prevented.
- Only IM platforms that offer end-to-end encryption should be used for business communications.
- Never disclose your passwords to anyone, including friends and family.
- Lock your computer screen before you leave it or when it’s not in use.
You may also wish to review how to classify data you work with as high, medium or low sensitivity information along with tips on limiting data exposure.
Please review the university’s Records Management Policy and the Freedom of Information and Protection of Privacy Act, external link. With almost everyone working offsite, we’d like to remind you to take extra care to protect confidentiality and personal information. Below are some guidelines to help ensure that employees are maintaining records and safeguarding information appropriately.
- Employees working from home should ensure that other members of their household do not have access to confidential or personal information. Do not leave information unattended in your vehicle or at home.
- Try not to use shared devices when possible, but if necessary, ensure that you have a unique user profile that is password-protected.
- If you are dealing with hard copy documents, take extra precautions to safeguard the information and limit access.
- Assign a notetaker for all remote meetings.
- The notetaker should take attendance and document key discussion items, action items and decisions.
- Following the meeting, the notetaker can circulate their notes to other attendees to ensure all important information was captured accurately.
- If you are using a personal device for work-related business, you are still generating Ryerson records that must be maintained according to normal records retention practices.
- If you are using messenger or other text message systems such as Hangouts, these are records and should be maintained according to normal records retention practices.
- Google is a recommended tool for managing information. If documents need to be shared with external parties, they can be shared via a link with specific and timed limitations. Learn how to stop, limit or change sharing in Google Drive, external link.
- For more assistance using Google tools, contact CCS or ask a colleague who knows how to use the tools.
- To help keep records organized, apply proper file naming conventions. For tips on naming and organizing files,, review the Records Management File/Folder Naming Conventions Tip Sheet.
If you have questions relating to records management during this transition time, please contact email@example.com.
Report privacy breaches, data breaches and phishing
If you experience or suspect unauthorized access to Ryerson data, loss of Ryerson data or disclosure of Ryerson resources, please immediately report the incident to the CCS Help Desk at firstname.lastname@example.org or 416-979-5000, ext. 556806. Time is of the essence in privacy breaches and the sooner we’re made aware, the more likely it is we can stop unauthorized access or recover lost data.
If you are concerned about unauthorized access or disclosure of personal information, please contact email@example.com.
If you encounter a phishing attempt on your Ryerson account, please forward the message to firstname.lastname@example.org without clicking any links in the message. By reporting, you can help CCS stop the message from reaching others at the university. Find tips on how to spot a phishing email.
During full service operations, Computing and Communications Services (CCS) accepts all computer deliveries in order to tag and set up the devices for employee use. During the COVID-19 pandemic, this service is temporarily unavailable and some Ryerson computers are being shipped directly to employee homes. Here are a few guidelines for employees purchasing and shipping Ryerson computers directly to their homes.
Employees purchasing a computer with Ryerson funds are encouraged to purchase a Ryerson-approved computer so that CCS can support it once we return to campus. Supported options can be found on the Supported Hardware page.
The new computer may contain many trial versions of software or applications. We recommend deinstalling trial versions of software or applications and installing the following products:
- Sophos antivirus: On Ryerson-owned devices, please install Sophos to protect against viruses and malware. For information on installing Sophos, please visit the CCS Security Software page.
- If you’re using a personally-owned computer, you can download a free Sophos Home version of their antivirus software. Find more on the Security Software page.
- RU-VPN2 virtual private network: If you will be accessing old S or U shared drives or the Ryerson University Financial Information System, you will need to install RU-VPN2. For more information and download instructions, please visit the CCS RU-VPN2 page.
- Google Drive File Stream or Google Backup and Sync: While we recommend using Google Drive on the web, you may also wish to use these tools to sync files between your Google and local drives. Find more on the differences and download instructions on the G Suite at Ryerson site.
- Microsoft Office 365: You may also wish to install Microsoft’s suite of products. For download instructions, please visit the CCS Microsoft Software page.
Please be sure to also review and practice our tips for device security.
Once emergency measures to contain the pandemic are over, you’ll need to contact CCS to have the computer reimaged, and software and security settings installed—a process that usually takes two days. At this time, you will also need to provide purchase details in order for CCS to update the asset management system.