Accessing University Systems and the Use of Personal Devices

ISO Position Paper

Position Title: Accessing University Systems and the Use of Personal Devices

Position Audience: All faculty, staff, and affiliates

Contact: Information Security Office: [email protected]

Position Release Date: November 15, 2017

Last Update: January 18, 2024


Problem Statement

Members of the University community have inquired about accessing University systems using their personal devices.

ISO Position

It is the position of the Information Security Office that access to University systems should only be conducted through approved University-owned and managed devices. Personal devices introduce security risks to the University infrastructure and data and should not be used to access University files and applications. For both security and business continuity reasons, only University-owned and managed devices should be used when working remotely or on campus. 

University email is specifically excluded from this position. With the reminder that Restricted and Confidential data should NEVER be communicated in email without encryption, it is considered acceptable to use personal computers and phones to access University email (with the provided security precautions indicated below).

Personal devices should use a vendor-supported operating system with an active firewall and antivirus (AV) software (where possible). Operating systems must have all relevant security updates applied within 30 days of release by the vendor.

AV software

Enable firewall

Supported operating systems

 

Data classification: Public