Remote Access

No, you should not use VPN unless there is something that you cannot get to (for example, Kronos) or if you are on a public WiFi

Use VPN only when needed to reach specific RIT resources as capacity is limited!

VPN Required:

• Kronos
• Oracle / eBiz
• Some file shares
• Building floor plans

VPN Not required:

• Some file shares
• Library databases
• Email / Outlook
• Many RIT web resources and applications (MyCourses, myInfo, SIS, eServices, etc)

VPN Prohibited

• Netflix and other streaming services

Refer to these documents for VPN access.

Yes, you can use RDP (Remote Desktop). Approval is needed from your manager/supervisor. Please forward their approval to the RIT Service Center (help.rit.edu) to get the process started or contact the RIT Service Center first and include the name of your manager/supervisor and we will reach out to them. We will also need the full hostname of the PC you are connecting to, and the PC you are connecting from. 

If you use a personally-owned computer to remote in to your RIT computer, you must follow the requirements of the RIT Desktop and Portable Computing Standard and ensure you are up to date on patches.

*Do not use a computer system that is no longer supported to conduct RIT business (for example, Windows 7). If you are unable to follow the requirements of the security standard, you must have an approved exception request from the RIT Information Security Office. That request requires signoff by a Dean or VP.

Yes, many RIT resources require use of Duo MFA to log in to those resources. Ensure that Duo is configured so that you can use it from home. You must be able to either receive a push, phone call, or use a passcode. For issues with Duo, please contact the RIT Service Center, help.rit.edu or (585) 475-5000.

Appropriate tools for communication are

• Exchange for email (@rit.edu)
• myCourses for all course related communications
• Zoom for video and conferencing 
• Slack

Use your RIT email only and not any external account (Gmail, Yahoo, etc.) for RIT-related communications to avoid issues with email delivery.

Yes, Outlook Web Access is available at https://mymail.rit.edu/.

Working remotely may pose challenges for staff accustomed to collaborating in-person on campus. Several services have been approved by the Information Security Office:

• RIT provides Google for Education. Although you may use other collaboration tools, especially across universities, do not share RIT Confidential or Private information using these tools. Follow the requirements of the RIT Information Access and Protection Standard.
• RIT provides Zoom for meetings / staff use (Helpful Resources)
• RIT provides Zoom for instructional purposes / faculty use
• Adobe Creative Cloud Applications
• Office 365 is available for Students but not Faculty/Staff at this time

DO NOT store RIT information/documents on your personal device or other non-secure places (for example, Dropbox)

DO NOT share documents/information through personal accounts or messaging services (for example, Lync, Skype for Business, text messages, etc.)

It is advised to provide your contacts with alternate methods in which to communicate with you. Incoming calls to campus telephones can be forwarded to a personal mobile phone or home phone, but call forwarding must be configured while you still have physical access to your campus telephone. There is an associated chargeback of $5 a month and a one-time cost of $22.50. You must contact the RIT Service Center to request this. It is advised to provide your contacts with alternate methods in which to communicate with you. Another option is to make calls via Zoom with your RIT account.

RIT Information Security Provides best practices for using smartphones and other mobile devices securely. You should protect your smartphone similarly to how you would protect any other portable computer. In addition to using a PIN or other physical protection to control access to the device, one of the most important actions to take is keeping your smartphone up to date, including the operating system and applications.

• Keep your keyboard close to you, so you’re not over-reaching your arms.
• Your mouse should also be close to your body, arms should not be extending. 
• Relax shoulders and stretch your neck every so often.
• When sitting on a couch or bed, elevate your laptop with pillows so you’re looking ahead, not down.

Email [email protected] with questions about ergonomics.

If you don’t have an RIT provided laptop, you’ll need to take extra steps and precautions to make sure you work stays secure.

Desktop and Portable Computer Security Standard: To protect the RIT community and the university network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Information Access & Protection Standard: Provides requirements for the proper handling of information at RIT.

Requirements for working with Private or Confidential information are detailed in the Information Access and Protection Standard.

• You must use an RIT-issued and supported computer
• You must use VPN or RDP
• You should have a broadband connection
• You MAY NOT place RIT Private or Confidential data in cloud services such as DropBox that do not have RIT authentication, without an approved exception request. Private information must be encrypted. We recommend encryption for confidential information
• If placing private information on portable media (please don’t), it must be encrypted

RIT has recommendations for securing home Wi-Fi. Ensure your router has the latest security upgrades.

Ensure that your RIT or personal computer is password protected when you’re not using it. You do not want a family member inadvertently deleting or changing information. RIT-owned computers should be configured to screen lock automatically. If you are using your own computer, please enable the password-protected screen saver. Information about the software and instruction necessary to comply with the Desktop and Portable Computer Standard is available.

Yes. Be vigilant. Attackers always take advantage of chaos to launch phishing and social engineering attacks. Be especially alert for phishing attacks masquerading as communications around COVID-19. Expect Business Email Compromise (BEC) attempts where attackers try to masquerade as RIT leaders. Phishing and BEC attempts are not limited to email. They may come through phone calls or messaging.

• Report Business Email Compromise attempts to the ITS Service Desk. 
• Report phishing to [email protected], and the RIT PhishBowl has more information.

Depending on printer configuration, you may or may not be able to print to specific RIT computers. 

• Do not print RIT Confidential or Private information to non-RIT resources such as Kinkos/FedEx, etc. If you must print at home, ensure that you secure the printed information appropriately

All RIT Information Security Policies and Standards remain in effect.=

The standards of most relevance when working remotely are Password, Desktop and Portable Computing, Portable Media, and Information Access and Protection.

You may also be affected by the Cyber Security Incident Handling Standard.