- 28 Jan 2021
Security Considerations
- Updated on 28 Jan 2021
This Section Covers:
- Initial guidance for your teleworking setup
- Acceptable Use of State of Maine IT Resources
- Use of Personal Devices
- Virtual Meeting Security
- General, E-mail, Laptop, Mobile & Wi-Fi security tips for working remotely
Initial guidance for your teleworking setup:
- Plan to use your state-provided computer if possible.
- Ensure you have access to the internet and are able to connect your state laptop to your home Wi-Fi.
- Plan to have a mobile phone or landline available.
- Use a surge protector when powering your devices.
Policy and Work Rules Concerning the Use of State Information and Technology (I.T.) Equipment and Resources
This is a statewide policy that applies to State of Maine personnel, both employees and contractors, with access to Executive Branch information assets, irrespective of location, or information assets from other State government branches that use the State network. Here are a few key points:
- State information and technology and related communication equipment and resources may include, but are not limited to: computer workstations, laptops, mobile devices, voice mail, etc.
- State-owned I.T. equipment, resources and maine.gov e-mail addresses are made available to employees to conduct official State of Maine business only.
- Employees are expected not to conduct outside business or use these resources in conjunction with any outside employment activity.
- State-provided computers come with software to protect you from viruses, and help execute job functions.
- Do not disable, remove or download any applications unless authorized by your supervisor.
- Do not insert any removable media into a State device without ensuring that it does not contain malware.
- Please refer to the Policy and Work Rules Concerning the Use of State Information and Technology (I.T.) Equipment and Resources, the State of Maine Department of Administrative & Financial Services Office of Information Technology (OIT) Rules of Behavior, or User Device and Commodity Application policy for additional information.
Use of Personal Devices
If using a personal device to conduct state business, you must comply with the guidelines found in the Rules of Behavior and Mobile Device policies. Here are a few key points:
- Applies to any mobile device connected to State Information Assets, irrespective of ownership.
- Registers and manages State-issued and personal (BYOD) mobile devices that are authorized to connect to State Information Assets.
- Registration is on a per-user, per device basis.
Security Tips for Virtual Meetings
- Avoid adding your meeting to any public calendars or posting on social media.
- Require participants to enter access codes and avoid reusing the same code on future meetings.
- Distribute the meeting link and access codes directly to intended participants.
- Before sharing your screen, close unused windows to ensure you do not share sensitive or confidential information.
- Use a privacy shield or cover your webcam when not in use.
General Security for Working Safely & Securely Online
- Attackers are expected to try and take advantage of employees working from home, and will be attempting to trick them into taking action, capitalizing on the fact that employees can't immediately validate face-to-face with coworkers or managers.
- Validate the urgent or out of the ordinary, whether from a customer, manager, or executive, before providing information, clicking on a link, opening a document, transferring money, or downloading / installing something.
- MaineIT enforces multi-factor authentication (MFA), which doubles your login protection.
- MaineIT enforces the latest security patches to State owned devices. Similarly, the best way to stay secure on your personal devices is by updating to the latest security software, web browser, and operating systems.
- Keep tabs on your applications and their permissions, and use the "rule of least privilege" to delete what you don't need or no longer use.
- Avoid oversharing or sharing personally identifiable information on social media platforms.
- Treat business information as personal information.
- As in the office, make sure information on your screen is not visible to others, and lock your computer when you walk away from it.
- Ensure work discussions cannot be easily heard by others in your home: shut the door, or use a headset (if available) rather than a speaker phone.
- Do not allow others, including family members or roommates, to use your work computer.
- Avoid using public computers and / or public Wi-Fi to access, process, store, or transmit data.
- Don't make passwords easy to guess.
Always remember it only takes one time! Many data breaches can be traced back to a single security vulnerability, phishing attempt or instance of accidental exposure. One of the best ways to protect yourself and State data, whether a state employee or contractor, is to stay up to date on cybersecurity training.
E-mail Security
- Be even more vigilant and aware of unsolicited e-mail or phishing attempts.
- Do not access your personal e-mail on a computer you are using for work - access from a different computer.
- Be cautious when opening e-mails and do not click on links from people you do not know.
- Do not provide state or personal information in response to any type of communication you did not initiate.
- Utilize the methods of encrypting an outbound message for added security:
  - All State of Maine network internal e-mails are encrypted as a standard. There are two ways, and only two ways, for making an external e-mail confidential.
    - 1) For a recipient outside the State of Maine network, add the keyword SOMsecure (not case sensitive) in the e-mail subject or body.
    - 2) Set the Confidential flag.
      - In the message window, click File, and then click Properties.
      - Click the Sensitivity dropdown, then select Confidential.
Laptop Security
- Keep your device in a secure spot and know its whereabouts at all times.
- Do not take it to unsecure areas (shopping centers, restaurants, etc.).
Mobile Device Security
- Keep your device in a secure spot and know its whereabouts at all times.
- Switch off your Wi-Fi and Bluetooth connections when not in use.
- Ensure your mobile device is protected by a strong PIN / password and set up to lock automatically when not in use.
Wi-Fi Security
- The State of Maine requires users to be on a virtual private network (VPN) while working remotely.
- If you need help with setting up your remote access, check out these online resources MaineIT has established for getting started: configuring MFA, or RSA.
- When using a remote access solution from home, keep the following in mind:
  - Secure your Wi-Fi network by changing the factory-set default password and username.
    - The default / preconfigured password for most routers is easily accessible on the internet, making it very important to change it and not use the default.
    - Have you changed the Wi-Fi network name to something unique that doesn't provide any identifying information?
  - Confirm your connections are secure (HTTPS):
    - The "s" in "https" stands for "secure", which means the connection to the webpage is encrypted.
    - Another way to look for encryption is the lock symbol (sometimes green) in the browser address bar.
    - If you do not see the "https" or lock symbol, do not enter any sensitive information on the website.
  - Your internet connection may be slower than your office location.
    - MaineIT FAQ's regarding minimum internet requirements for working remotely are located here.
    - If you have difficulty with your Wi-Fi connection, please contact your service provider. The OIT Help Desk will not be able to provide support for these types of issues.
- Please reference requirements for Remote, Mobile, and Wireless access, and Rules of Behavior for All Users in the MaineIT Information Security Policy for any additional information.