Work from home and Personal Device Security Guidelines

Personal Devices & Working from Home

The BYOD (Bring Your Own Device) policy applies to personal devices used on campus or while working from home. All personal devices used for work purposes should follow the same security guidelines as NIU owned and managed devices. Following common-sense guidelines from the US Computer Emergency Readiness Team (US-CERT) and NIU's guidelines for NIU-owned devices can help the NIU community protect their personal data and their personal devices.

  • NIU does not provide any kind of backup support or recovery of lost data from non-university owned machines. Rather, it is the responsibility of the employee to secure and backup all data on personal devices.
  • Sensitive NIU data may not be stored on any local device or in personal cloud services.
  • You should not use an account with administrator privileges for day to day activities like email or web surfing.
  • You should use a unique account for work activities that is different from your personal account and the work account must not be shared with family or friends.
  • Personal devices may be used for work-related activities, but users should not:
    • map NIU shared drives to their personal device.
    • auto-synchronize personal devices with NIU's Microsoft OneDrive implementation.
    • auto-synchronize personal web browser profiles/accounts with NIU systems.
    • install NIU-owned or NIU-purchased software that is not authorized for personal use.
    • leave personal devices unlocked or unattended.
  • Use the same best practices for software installation as you would on an NIU-owned device. Do not install software from unidentified sources.
  • When on campus, NIU employees should connect to the authenticated NIU Wireless network with all their devices. When off-campus and using the device for work-related activities, NIU employees should authenticate to the NIU's VPN service at https://vpn.niu.edu.

Personal Device Security Requirements

You are responsible for the security of your personal device. Any personal device (mobile phone, laptop or desktop computer) that is used for work related activities must follow the same security guidelines as NIU owned and managed devices:

  • The device must be secured with some form of authentication. A PIN, password, fingerprint, pattern, or other forms of biometric verification.
  • The device must run a current operating system that is still patched by the vendor.
  • You must maintain current patch levels for the operating system and applications.
  • The device must run, or be scanned with, a current up-to-date anti malware software.
  • The device should run local firewall if available.
  • The device should use disk encryption.

Passwords

Passwords are critical to the security of your accounts, your devices, and the data you have access to. Below are some best practices regarding passwords.

  • Never re-use you NIU password for personal Internet sites or services
  • Never share your passwords
  • Create long passwords or pass phrases of at least 16 characters. 
  • Use multifactor authentication whenever possible
  • Use a password manager to securely store and access passwords.  Though the University does not recommend any one solution, here are some examples of free password managers:

 

Back to top