In these difficult times, remote working is the recommendation; however, this can present both significant benefits and potential risks. Whilst we make every effort to secure all Queen Mary data on Queen Mary servers, it is important users follow the below guidelines to improve protection whilst working from home.
Does data protection legislation apply if I am working from home?
Yes, if you are processing any identifiable personal data of any individual as part of your directed duties whether in electronic or hard copy form. This must be done is accordance with data protection legislation. Find out more about what constitutes personal data here [sections 3.2 and 3.3].
What should I do when I am working from home?
If you are using any personal device, ensure you have the latest operating system, which is Windows 10 for Microsoft and Mac OS 10.15 for Apple when working from home. You must also ensure that the latest anti-virus and anti-malware software is installed so that you are sufficiently protected. You can check the status of your protection by visiting the ‘Settings’ area of your device.
When accessing your email on mobile devices you should use MS365 webmail, if you decide to use a 3rd party application take care when selecting an application, as it may not offer the appropriate security and may require you to give permission to access your data. You should not view any sensitive data until you are on a Queen Mary approved device.
It is not good practice to write down your username and password so that they are easier to remember. If you have one, use a password manager, especially one that uses a securely encrypted vault, such as LastPass. Otherwise, set a strong password, you and you alone can remember: please read section 3.8 of the Password Management Policy. Whilst working on your personal device, please do not save any work-related files on your local hard drive. You should utilise Queen Mary approved applications such as Teams, OneDrive and SharePoint.
Remember to lock your computer when you are no longer using it; leaving your screen on could allow sensitive data to be seen by others. Where possible, you should use a secure connection to access and save files e.g. via the QMUL VDI service or a managed device. Also, make sure your home Wi-Fi is password protected with a strong password.
When you have finished working, make sure that you fully close down all applications that you have been using, especially any secure connections that you might have previously established. This can prevent unintended connections that might cause damage to our infrastructure, especially if your device is shared with other people in your household.
If you are using a Queen Mary issued device, you should not share the device or allow access to others in your household especially if the device contains sensitive data.
Be aware and only use systems and applications authorised by Queen Mary University of London. Several tools are available to help us all work collaboratively during this period: Skype for Business, VDI and Microsoft Teams are approved applications. Zoom is not. If in doubt, contact the IT Servicedesk via chat, email, self-service option(s) or your line manager.
Where should I work from when I am working from home?
You should ensure that you maintain a similar level of privacy whilst working from home to that which you would when working at Queen Mary. It is advisable to set up your work area in a space devoid of distractions, ensuring that your screen is not visible to anyone else at all times where possible. Also, follow all prompts and guidelines, when accessing some Queen Mary systems, which have special instructions.
I need to send a file which contains personal data to another member of staff, what should I do?
Never use a non-QMUL, personal email account to send or receive email. This is against University Policy. Rather than sending files as attachments, you can make such files available to your colleagues using SharePoint or Microsoft OneDrive for Business environments to provide access to the file in-situ. If you must send an attachment that contains personal data, ensure that the data classification allows you to do so. Queen Mary’s Information Classification policy is available here to guide you. If, having done all your checks, the need remains to send sensitive data as an attachment, then encrypt the file before sending it and provide the password by some other means, such as telephone. Encryption is possible for all MS Office applications, PDF and others (see further guidance).
What should I do if I receive an email that has an attachment?
Phishing attempts are on the rise. DO NOT click to open attachments or hyperlinks from a source you do not trust. Before opening any file or hyperlink, you must be certain that it was sent from a genuine source. To do this, hover your mouse over the link to reveal the genuine address of the sender. If you are sure of the sender, then click the link to open the file or URL. Take special care to ensure that when the data is no longer required you delete it from your local device. This includes any files saved automatically as part of the download process. However, if you have received an email with personal data in the attachment, please ensure you comply with the Queen Mary Information Handling and Data Protection Policies.
I suspect a Data Breach has occurred whilst I have been working from home, what should I do?
If you suspect a data breach has occurred whilst you are working from home, you should report this to the IT Servicedesk through chat, email, self-service options – or contact firstname.lastname@example.org. Preserve as much of the evidence of breach as you can, for instance, by screenshotting any attachments or messages received. This enables a proper investigation of the incident by our security teams. Should the investigation require, you might be contacted for further information.
Can I print files when working from home?
The simple answer is yes! However, you do have to be aware of the nature of the document being printed. Queen Mary does not encourage the printing of confidential and/or sensitive information from devices not owned and controlled by our secure infrastructure. In the event that printing is unavoidable, the output must be stored securely in accordance with Queen Mary’s relevant information security policy, and when no longer required, disposed of in a secure manner using a cross-cut shredder.