Remote work presents a unique challenge for information security because remote work environments don't usually have the same safeguards as the office. When an employee is at the office, they are working behind layers of preventive security controls. While not perfect, it is harder to make a security mistake while at the office.

However, when computers leave the perimeter and people work remotely, new risks arise and additional security measures are essential. Below is a high-level overview of common controls (always check with your IT department for current policies and helpful hints) for enhancing security when working remotely. While intended for work computers, similar steps can and should be taken on any other device that may be used to access data of an organization (such as smartphones, tablets, or pads).

A simple and important first step is to familiarize yourself with the policies and procedures put in place by your organization’s own IT security experts, typically available on their website.

Keep Work Data on Work Computers

Thinking about taking care of a few work emails at home before bed? It can be tempting to use your personal computer if your work computer is in a different room or you forgot your charger at the office. Organizations typically have dedicated IT personnel that are installing regular updates, running antivirus scans, blocking malicious sites, etc., activities that may be transparent to you. You may not have followed the same protocols, and by introducing a personal computer to a work network you may put the organization’s networks at risk.

Keep Your Devices Safe

Simple steps can go a long way in keeping your devices safe:

• Create strong passwords for all logins and all devices. Many cyber criminals utilize sophisticated password-cracking tools and techniques and can easily crack weak passwords.
• Enable automatic locking (locks after a certain amount of inactivity) on your device.
• Enable location tracking, so you may be able to find your device if it is lost or stolen.
• Make sure devices are current on all software and security updates.

Protect Sensitive Data in Emails and on Your Device

Sending emails with sensitive data is always going to be a risk. If you encrypt the data attached to an email, it will prevent an unintended recipient from viewing the information. You can easily encrypt a document with a password in basic applications like Microsoft Office and Adobe Acrobat. Additionally, you may be able to share confidential work files via an encrypted file-sharing application. Utilize multifactor authentication and be sure your device is set to have all stored data encrypted in case of theft.

Make Sure Your Wi-Fi is Secure

Making sure your Wi-Fi is secure is an important cybersecurity control. Here are some measures you can take:

• Change the default password for your Wi-Fi router to a new, unique password.
• Change the wireless network name to something that excludes personal information (like name or address).
• Use a virtual private network (VPN) to encrypt your connection and secure your browsing data from cybercriminals.
• Avoid public Wi-Fi! Public Wi-Fi networks are common targets for cybercriminals as they are either poorly encrypted or not encrypted at all. This introduces significant security risks and should be avoided if at all possible.

Physical Protection

Physical security should not go out the window when you are working remotely. Just as you would protect your workspace and devices in the office, do the same when working out of the office:

• Lock up or secure your remote office or workspace when you are not actively working.
• Never allow family members or friends to use your work devices.
• If working in a public location, block site lines and choose somewhere private. Try not to have your back to windows or doors, to avoid “shoulder surfers” or use a privacy screen.
• Do not leave work devices in a car; keep devices on your person at all times.
• Never use a thumb drive if you do not know where it came from or if it can be trusted.

Small steps can make a big difference in improving security and protecting organization data while working remotely.

USA faculty and staff should be aware of the Alabama Ethics Act (the “Ethics Act”), which sets forth guidelines we must abide by as “public employees" (as defined in the Ethics Act). Components of the Ethics Act are covered in various policies in our Faculty Handbook, Staff Employee Handbook, and University Policy Library, but the following are some of the key guidelines from the Act which impact us.

Filing of Statement of Economic Interests (SEI)

Certain public employees who meet Ethics Act criteria must complete and file a Statement of Economic Interests each year. USA's H.R. Department endeavors to alert subject employees of this requirement prior to the annual deadline of April 30, but it remains individual employees' responsibility to timely file.

Ethics Act Training

Public employees required to file the Statement of Economic Interests must complete an online Ethics Law training with 90 days of their date of hire.

Use of Official Position or Office for Personal Gain

No public employee shall use or cause to be used his or her official position to obtain personal gain for himself or herself, or a family member of the public employee, or any business with which the person is associated, unless the use and gain are otherwise specifically authorized by law. Personal gain is achieved when the public employee, or a family member thereof, receives, obtains, exerts control over, or otherwise converts to personal use the object constituting such personal gain. This provision includes use of University equipment, facilities, time, materials, human labor, or other public property under an employee’s discretion or control. No public employee shall solicit a thing of value from a subordinate whom he or she directly supervises or a person or business whom he or she inspects, regulates, or supervises. USA’s Staff Employee Handbook (State Ethics Law & Gifts) reinforces this component.

Offering, Soliciting, or Receiving Anything for Purpose of Influencing Official Action

Public employees (and family members) shall not solicit or receive anything from any person for the purpose of corruptly influencing official action, regardless of whether or not the thing solicited or received is a thing of value. In addition, no public employee or group of public employees shall solicit any lobbyist to give anything, whether or not the thing solicited is a thing of value, to any person or entity for any purpose other than a campaign contribution. USA’s Staff Employee Handbook (State Ethics Law & Gifts) reinforces this component.

Confidential Information

No public employee or former public employee, for a period consistent with the statute of limitations found in the applicable Alabama statute, shall use or disclose confidential information gained in the course of or by reason of his or her position or employment in any way that could result in financial gain other than his or her regular salary as a public employee for himself or herself, a family member of the public employee, or for any other person or business.

Representation of Client or Constituent Before Board or Department

If a public employee, or family member of the public employee, or a business with which the person is associated, represents a client or constituent for a fee before any quasi-judicial board or commission, regulatory body, or executive department or agency, notice of the representation shall be given to the Ethics Commission within 10 days after the first day of the appearance.

Public Contracts

Unless exempt pursuant to Alabama competitive bid laws or otherwise permitted by law, no public employee, or a member of the household of the public employee, and no business with which the person is associated shall enter into any contract to provide goods or services which is to be paid in whole or in part out of state, county, or municipal funds unless the contract has been awarded through a process of competitive bidding and a copy of the contract is filed with the Ethics Commission. More details can be found in USA’s Purchasing policy.

Prohibition on Discrimination Against Employee Filing Complaint

A supervisor shall not take disciplinary action against an employee in response to a good faith report by the employee of a violation of the Ethics Act. USA also has a general Non Retaliation policy which provides details related to reporting violations of all types.

Recent Policy Updates: a list of all new or revised policies published in the prior 90 days

Professional Service Selection Process for Capital Projects - Provides directions for selecting professional services for all capital construction projects.

Federal Requirements on Human Trafficking - Ensures that USA is compliant with federal law prohibiting human trafficking and requires federal contractors and subcontractors to develop and implement anti-trafficking compliance programs for certain contracts for goods and services.

International Shipping – Ensures compliance with all Export Control, Trade, and Transportation Sanctions laws and regulations as they apply to international shipments.

Are you (or someone you know) looking to grow professionally, help direct and enrich an internal audit function, and positively impact the lives of students and patients? If so, we're looking for you in the Office of Internal Audit!

We are seeking an Internal Audit Supervisor to join our team. See the job posting here.