Security when working remotely
What are important things to keep in mind when you and many others are working from home at the same time?
When more people than usual are working outside the workplace, the organisation's information is handled in a way that neither we nor our IT systems are used to. This is important information that must be handled securely in order to prevent the information from falling into the wrong hands, being destroyed or becoming inaccurate.
- Your work equipment – computer, tablet or mobile phone – is personal and must not be used for private purposes or by others. The information there must be protected. This means that you must always log out and lock the computer when you leave it unattended, even at home. Make sure that you have a strong password.
- Do not write personal identity numbers, passwords, or other sensitive information in chats/messages/emails. If you want to communicate about sensitive information, CALL the person you need to communicate with.
- USB flash drives must not be used between private equipment and your work computer since viruses can be spread between devices.
- Never save sensitive information in private cloud solutions (Dropbox, Google Drive, etc.).
- For digital work meetings, assess the risk of others hearing and seeing the information being communicated. Also think about what is being discussed/when the meeting is being recorded.
- You can reduce the risk of becoming a victim of fraud by refraining from clicking on links or attachments from unknown senders.
- Do not download programs that come by email, text message or various websites, especially if you do not know the sender.
Please read more about how Uppsala University works with the General Data Protection Regulation (GDPR)
The Swedish Civil Contingencies Agency (MSB) has published information and a fact sheet about security when working remotely (Swedish only).
Questions about Zoom and security
Because of the increasing amount of remote work being performed around the world, articles about Zoom and information security abound. The public Zoom solution is the one often seen in the press, especially in relation to questions regarding the use of personal data, credit cards, etc. These questions do not concern Uppsala University since we use a separate installation of the Zoom service provided by Nordunet, with its own server hall in Copenhagen, Denmark.
No meeting content is saved by our provider. Recordings of meetings, text in chats, and notes are saved locally on the computer recording the meeting. The meeting hosts decide who is permitted to record a meeting. Moreover, no sensitive personal data is found at or sent to the provider. Personal names, account names and email addresses are saved by the provider to be able to provide the service to us and our users.
For even higher security there is an option to select end-to-end encryption when starting meetings. The chats are always end-to-end encrypted.
Note that end-to-end does not work with people connection through the web application (Chrome, Explorer etc).
Meetings when handling confidential information
Given that Zoom has the possibility to do end-to-end encryption, we consider the security as high enough to consider having Zoom meetings even when handling confidential information. NB! It is important that ensure in each such meating that the encryption method end-to-end actually is selected, by verifying that there is a green symbol with a lock top left in the session window. The standard encryption has a green symbol as well, but with a check mark.
Information regarding how to use Zoom from the university IT services
Please read more about how we handle Zoom and security at Uppsala University.
Any questions? If so, please contact the Security and safety division, e-mail security@uu.se