Clayton State Adopts New Policy for Personally-Owned Devices
Clayton State University has adopted a new policy for employees in regards to the usage of their hardware and related software – devices that are not owned or supplied by the University, but could be used to access Clayton State University resources.
This new policy applies to all Clayton State University agents who have a personally-acquired device and who wish to use said device in the Clayton State business environment.
This policy applies to all users employing such a personally-owned device, such as a personal laptop, smartphone, tablet, or mobile storage devices like USB drives or external hard drives. If any of these personal devices are connected to a Clayton State network, and/or are capable of backing up, storing, or otherwise accessing Clayton State data of any type, the users must adhere to Clayton State’s defined policies, standards, and processes.
Click here to read the new policy http://www.clayton.edu/nes/Policies-and-Procedures/CSU-BYOD-Standard.
As part of the implementation of this policy the IT Security Awareness training has also been updated.
Here are the instructions to access and complete the training:
· Use your current CSU user name and password to log into Employee Training.
· Click on Employee Training CO
· Click on 2015 IT Training Modules
o There are four training modules
§ Security Practices
§ Security Threats
§ Securing Portable Devices
§ Sensitive Data
NOTE: The modules may be taken in any order. At the end of each module there is a quiz, which you must complete with a score of at least 80 and a certification of completion for your files.
These modules replace the Security Awareness training previously part of Human Resources Required Employee Training. The 2015 IT Training Modules were available through the Human Resources site as of Jan. 1, 2015 so if you have already completed these modules there is no need to re-take the training.
If you have not completed these training modules you must complete this training by Apr. 30, 2015.
For instructions on navigating the new Employee Training platform, please visit Desire2Learn Support.
If you have already completed the training please note the following information was added to the Security Practices module on Jan. 20.
Backing Up and Saving Information
One of the features provided with the implementation of Office 365 is the OneDrive for Business Folder. This folder can be used to backup/save documents [and should be used instead of insecure options such as Dropbox].
Another backup/save option is to save documents on the Z: shared drive or your H: drive folder and access the documents by logging on through VPN.
If you have completed the security training and signed the Bring Your Own Device (BYOD) Employee Declaration you could be accessing the OneDrive for Business folder from your personal device. Care should be taken when syncing your personally-owned device while Office 365 is open. Syncing your device will place a copy of the documents stored in OneDrive for Business onto your device. So if it is sensitive information, it needs to be encrypted.
Care should also be taken with emails in your Office 365 account that might contain sensitive data. Syncing your personally-owned device will also place copies of all of your emails onto your device.
Remember there are sensitive data guidelines (Clayton State University Acceptable Use, FERPA, HIPPA, State of Georgia Opens Records Act, etc.) that must be followed. For more information on sensitive data refer back to the Sensitive Data Training.”