skip to content
Home

IT Help and Support

University Information Services
 

Information security best practice for working from home

It’s important you are compliant with data protection laws (UK GDPR) while working remotely. Please read the important security guidance about working from home and keeping safe online to prevent compromising the security of the University’s data.

Please always check with your local IT staff for their policies and procedures for working from home. This is general guidance only and not specific to your institution.

It is also subject to change as new systems and practices come online to help you work from home, so we recommend checking this page regularly.

Contents

  1. Thinking about the device you will use to work from home
  2. How to connect to your work
  3. Managing your emails securely
  4. Working with documents, spreadsheets and other files
  5. Staying safe online
  6. Housekeeping and end-of-day routine
  7. In summary
     

Thinking about the device you will use to work from home

If you have a work laptop, then use this at all times and endeavour to make sure it is encrypted. To check if it is encrypted see our guidance on How to check if your laptop is encrypted. This also explains how to turn on encryption but you may need to contact your local IT department for help with this. Further information about encryption is available on our storing and sharing personal data page.
 

UAS staff using managed desktops/laptops

If your work laptop isn't encrypted and you do not have the administrative rights to enable encryption yourself, please use the new Remote Access system for ACN users when working on sensitive data because this prevents data being downloaded to your local device.

When you have finished working it's important that you explicitly sign out of the Remote Access system and do not leave the session running on your machine.

Preventing automatic file syncing to your local drive

When you are not connected to the Remote Access system, many file storage services such as OneDrive, Google Drive and Dropbox give you the ability to sync or download files to your local hard drive. Think carefully about the security level of any files you choose to download. To prevent unnecessary data being downloaded automatically, you can disable file synching as follows:

OneDrive | Google Drive | Dropbox
 

Using personal devices

If you don't have a work laptop, then you might be able to use your own personal laptop, or desktop computer, by taking a few precautions:

Remember, this is general advice. Please take advice from your local IT staff for how best to set up your home device to suit you and the work you do for your institution.
 

How to connect to your work

If you require a VPN (virtual private network) connection to access your resources (for example, a network shared drive such as k:/ or r:/ drives), please read our page on remote access.

If you have access to the University's Office365 suite, you can connect via your crsid@cam.ac.uk and your Raven password. Do not save your password to the device (click ‘No, Never’ when prompted in the dialogue box). Raven keeps you authenticated for most of the day, so please remember to lock your screen (clear screen) when you are not at the device.

If you do not currently have access to the University's Office365 suite, you can download it onto your home device as well as your other devices (such as your own personal tablets and phones) so that they can all synchronise.

Separately, you can gain access to online cloud storage through OneDrive

Take advice from your local IT staff for how best to connect from home.
 

Managing your emails securely

Something to consider, when reading a document sent to you via email, is that Outlook will store it to a temporary folder and it will remain there until you save the document or delete it from the folder (this happens at work too). This means that every document or file that you read, but don't save, could, potentially, be accessible by others in your household. Take care especially with reports from CHRIS, CHRIS62 forms, lists of student marks, staff appraisals and so on.

To avoid this, we recommend that you save the document immediately to a 'shared' drive (via VPN connection) or to a University OneDrive folder, or similar. See storing and sharing personal data for options.

If you cannot save it securely, ensure you have removed it as part of your logging out procedure (see the clear session policy).

We recommend you do not email lots of files home and back to work again. Rather than sending documents in an attachment via email, place the document in a shared folder on, for example, OneDrive and then send a link to the document to share it. This is also the recommended way to share all your documents and data at work – especially to larger groups. See working with documents, spreadsheets and other files.
 

Working with documents, spreadsheets and other files

USB drives or pen drives are not recommended to transfer data to and from work because they are easily dropped or lost and could cause compromise to the University. Think carefully before using these – including for creating backups.

The University has many document sharing platforms that are all UK GDPR-compliant, so we urge you to use them and not to use any of your own personal sharing platforms for University information. Please see storing and sharing personal data.

The advantages of using these platforms is that you can upload all your data from work onto folders that you can access at home, share with your colleagues and not have to send them via email to yourself or download them onto a USB stick – both of which are cumbersome and more insecure.

For further information on storing personal data, see storing and sharing personal data.

Remember, this is general advice. Please take advice from your local IT staff for how best to share data from home in your particular circumstances.
 

Staying safe online

We highly recommend that you visit the Cyber security awareness and training page to learn about the risks of working and studying online and how to mitigate these risks.

We would urge you to take the time to look through some of the pages now and please always use a different device, to contact about a compromised device or account, rather than using the one that is compromised.

In addition, you may find the Data Protection Training from the Information Compliance Office useful, along with their pages of data protection guidance.

More information on how to spot a suspect email and how to stay safe online is available in the NCSC guidance on dealing with a suspicious email and UK safe online guidance.

 

Housekeeping and end-of-day routine

Clear screen policy: every time you leave your desk, lock your computer.

When you finish working for the day:

  1. log out from all your sessions (e.g. VPN, email and Moodle)
  2. if there are any security patches waiting, apply them, update and shut down

In summary, remember to:

  • use University storage and collaboration tools to access, store and share data
  • save emailed documents safely, and don't send documents or files via email if you don't have to
  • use an operating system that is still supported by the software vendor and is updated regularly
  • install an up-to-date malware protection system and update it regularly
  • verify that the local firewall on your device is enabled
  • get your device encrypted, if not already
  • say ‘no’ when asked if you want to save your Raven password to your home device
  • use the clear screen policy and shut down each day
  • use unique passcodes, passphrases and passwords, that you do not share, to access resources
  • only download software from a reputable source
  • take advice from your local IT department.

Further advice and guidance on security, including incident reporting and data breach reporting, see the pages on information and cyber security.

Contact us

UIS facilities

Resources

UIS websites

Study at Cambridge

About the University

Research at Cambridge