Working Securely When Off Campus
This guidance note has been drafted to help staff take appropriate measures when working remotely to protect the security of the devices they use and the data they process. In light of GDPR, it is particularly important that we meet our obligations to keep all University information safe and secure.
Keep your laptops and mobile devices safe
- Mobile devices and laptops can present a serious security risk if lost or stolen. Make sure to keep your devices with you and in sight at all times when travelling and never leave them unattended in public locations or visible in cars.
- Mobile devices such as phones and tablets should be protected by an auto-locking pin at all times.
- You should ensure that you lock your laptop screen when taking a break or finishing work for the day.
- Where possible, lock devices securely away when not in use and avoid accidental damage by keeping devices out of reach of children or pets.
- Staff should not share devices which are being used to store sensitive University data with other family members or friends. We appreciate that this may not be possible during the nationwide Covid-19 response; if so please login to the device with a user profile for each user. Alternatively, if you access Office 365 through the web only, ensure that you logout when you are finished to protect University data.
- Ensure your computer, laptop or device is used in a safe location, for example where you can keep sight of it and minimise who else can view the screen, particularly if working with sensitive and/or personal data.
- Use effective access controls (such as multi-factor authentication and strong passwords) and, where available, encryption to restrict access to the device and to reduce the risk if a device is stolen or misplaced.
- When a device is lost or stolen, you should take steps immediately to ensure a remote memory wipe where possible. For phones and tablets, you can do this through your Outlook online settings or contact firstname.lastname@example.org
Look after your Passwords and Pins
- Just as when working in the University, take care not to reveal your passwords to anyone else. Your UCC computer account and network login password act as your identity on the UCC data network and restrict access to your email and other files to you. Guard your passwords and always change them if you suspect that they have become known to others.
- When accessing your email or documents in Office365 remotely you will be prompted to use Multi-Factor Authentication. This means that a code is sent to your mobile phone or your phone is called which you then use in addition to your password. This provides a second level of security to protect your account in the event that your password becomes known to a third party.
Be vigilant for scams and phishing
Unfortunately we have seen a rise in phishing attempts that use the Covid-19 pandemic subject in an attempt to get users to open malicious links. Please remain vigilant with your details, both personal and the University’s, during the period of working from home.
- Be vigilant to the possibility of phishing when reading emails. Treat any email that asks for your username and password details with extreme caution and be mindful of emails which contain hyper-links to external websites.
- Additionally, be aware of financial scams. Always verify unusual requests sent by email (even if the email appears to have come from a colleague’s genuine UCC email account) to spend or transfer sums of money with colleagues via a known telephone number.
Protect paper files containing UCC data and personal data
- Only take home hard copy documents if necessary. Documents containing personal or sensitive data should not be taken home unless absolutely necessary.
- Only print if necessary and avoid retaining duplicate copies of data.
- Collect documents containing University data promptly from your printer and always use a shredder / confidential bin when disposing of University documents.
- Keep documents which contain University data secure when working at home – always lock paper files away when not in use. Exercise a ‘clean desk’ ethos when using shared spaces for work purposes.
- Be extremely careful when dealing with documents containing sensitive/personal data to keep them safe and secure.
Protect electronic files containing UCC data
- Avoid retaining duplicate copies of data. Check that downloaded files are deleted from your computer’s Download Folder / Hard Disk once saved to OneDrive / Teams or SharePoint / Network folders and not retained on devices where they may be visible to unauthorised individuals.
- Only use up-to-date operating systems with all security updates applied to make sure it is not vulnerable to attack. Do not use computers running Windows 7 for work purposes, including accessing Office 365. If this is the only device available to you during the Covid-19 closure please limit your activity to the Chrome browser and ensure the browser is up to date.
- Use work email accounts rather than personal ones for work-related emails, especially those involving personal data.
- Before sending an email, ensure you’re sending it to the correct recipient
- For emails involving large amounts of personal data or sensitive personal data please use HEAnet large file sender https://filesender.heanet.ie/ or share using OneDrive
- If you are working without cloud or network access, ensure any locally stored data is adequately backed up in a secure manner.
Breach notification - obligation
Report ALL incidents involving loss or unauthorised disclosure of personal data (e.g. emails sent to the wrong person or files lost / stolen) to your line manager and to the University’s Information Compliance Manager / DPO, Catriona O’Sullivan, – email@example.com or firstname.lastname@example.org - as soon as you become aware of the incident. The University has an obligation under GDPR to report data breaches to the Data Protection Commission within 72 hours of becoming aware of the breach. Complete Section 1 of the Data Security Breach Report Form and forward it to email@example.com or firstname.lastname@example.org as soon you discover the incident.
Further information on IT Security and Data Protection at UCC is available at:
In addition, the Data Protection Commission issued a guidance note last week on protecting personal data when working remotely. See: