Important Telecommuting Security Guidelines

Tuesday March 17, 2020

Should you utilize remote access, please note the following requirements: 

  • Employees who use their own personal electronic devices for official New York State business must ensure that their use is in full compliance with the New York State Information Security Policyand the New York State Acceptable Use of Technology Resources Policy, as well as their agency's work rules, ITS Enterprise technical standards and ITS mobile/personal device technical standards and policies. 
  • Do not download or save sensitive or confidential data to a personal device. If you inadvertently do save or download such data to your personal device, you should take immediate steps to permanently remove the data from your device by deleting it from the location where you have it stored, and then deleting it from your recycle or trash bin.   
  • Ensure that you have a strong password to protect access to your personal device and that that password is not shared with others, including friends and family.  Do not reuse your personal passwords for work purposes. Use complex passwords and change them in accordance with your agencies' policy. 
  • Do not accept "remember my password" prompts.  Securely log in each time you utilize remote access. 
  • Explicitly log out of all browser and VDI sessions when not actively in-use, do not just 'X' out of the active window. If you do not log out, others with physical access to your device could gain unauthorized access to agency data.  
  • To the extent possible, ensure that your personal device is fully patched with the latest security patches.  
  •  To the extent possible, ensure your personal device is using a current and up-to-date anti-virus/threat solution, a personal firewall, and a malicious content blocker for your web browser. Microsoft Windows devices come with Windows Defender which provides these things.
  • When traveling with your portable device, ensure that you keep it in your physical possession at all times.  
  • When utilizing Wi-Fi, ensure you only connect to known and secured networks. If use of public wi-fi becomes a necessity for connectivity, ensure that you explicitly ask the hosting organization (e.g., library, coffee shop) for the correct network to join. Be mindful of shoulder surfing and do not leave printed documents on public printers where they can be seen by unauthorized individuals. 
  • "If your State-issued remote access device has been lost or stolen, you must immediately contact your supervisor and your agency information security officer or designated information security representative. If you believe your State-issued remote access has been compromised, immediately contact the NYS Cyber Command Center at (518) 242-5045 or email [email protected].