Safeguarding PII While Working From Home

Personally Identifiable Information (PII) is information that, when used alone or with other relevant data, can identify an individual. Many employees work with PII about students, staff or alumni. Find a more detailed definition of PII and Kalamazoo College’s policy for protecting it on the IS Policies page.

  • Follow the steps in our earlier post “Tips for Working Securely from Home.” In particular, employees should be extra vigilant when working from home against social engineering attacks.  It might be harder to tell if that email from your supervisor or colleague is legitimate when you are not located down the hall from them. If you receive a request for PII, we suggest that you get verbal/video confirmation from the requester.  
  • Try to minimize how much PII you work with from home. 
  • Never send PII through email 
  • If you need to work with PII, the best way to keep it secure is to store it on a computer that is on campus under IS management. This would include the KFiles server. We do not recommend storing PII on cloud-based services or on your device at home.  
  • To work with PII, you can also use remote access via our VPN to connect using Remote Desktop to a campus computer. Another advantage to connecting with remote desktop is that if your home internet connection is unstable, your work is preserved on the campus desktop if you get disconnected.
  • If you have further questions or need help getting set up for remote access, please contact the Help Desk.

Update to Faculty

The Information Services Team has worked to produce extensive content to support online learning and collaboration during Spring Quarter. You can follow our COVID-19 Online Learning Plan Updates and Faculty Tools pages. Recent posts include information about virtual computer labs, tips for working securely from home, and student writing in Moodle.

What’s Working

  • Response to Microsoft Teams has been strong. We currently support over 425 various Teams including courses, committees, departments, and more. We intend to continue to refine and expand support for Teams in the future.
  • We’ve welcomed faculty new to Moodle for their asynchronous course communication and supported returning faculty in developing further skills. The number of Moodle courses is up 35% from Spring Quarter 2019.
  • Early adoption of Microsoft Stream has provided another robust platform for video communication and eased the burden on other hosting sources.
  • Classes that require software that is available only in on-campus labs can now access them remotely. This has maintained learning opportunities with programs like SPSS, MATLAB, and ArcGIS that would have been otherwise lost.

What’s Not Working

Moodle Supporting Large/Long videos

Moodle users began experiencing “500 – Internal server error” messages last week. We believe the major cause is lengthy videos hosted directly onto Moodle. Therefore, we have expanded our support of Microsoft Stream and encourage comfortable users to post to YouTube when appropriate. Currently, we are asking faculty to refrain from posting any videos longer than five minutes directly to Moodle.

Stream and Privacy

Many course videos of student introductions and instructor content are currently posted as available for anyone at the College using Stream. It is important that users not inadvertently share with larger audiences than they intend. Please know that the Quick share option available via the Stream phone app publishes video with the permission Allow everyone in your company to view this video. For more control, disable Quick Share and then use Save as draft. For further discussion of permissions in Stream, please visit the Video Streaming page of the IS website or watch our video overview.

Choice of Videoconferencing platforms

We have received extensive feedback about user experiences in Zoom and Teams. We know that Zoom’s expanded display of video and some of its scheduling features are appealing. However, we are also aware of increasing concerns over “Zoombombing” and the challenges of conducting College business in unsupported platforms. Microsoft recently posted that they are working to accelerate their implementation of increased number of concurrent video displays in Teams. Information Services believes that the benefits of using a more secure tool that is integrated to our software architecture is the best choice. We’ve published a post titled Moving from Zoom to Microsoft Teams that addresses some of the most common questions and attempts to provide solutions for success.

Teams Calendar Event Feature

Some Microsoft documentation references “Meeting” and “Calendar” tabs inside Microsoft Teams. These are integrations that are not available at the College. Windows users with Teams and Outlook 2013 or later versions can use Outlook to schedule Teams meetings. For additional strategies on initiating and managing calls, please refer to Moving from Zoom to Microsoft Teams.

Return to all COVID-19 Online Learning Plan Updates

Tips for Working Securely from Home

One of our goals is to enable faculty and staff to work as securely as possible from home.

Our partner in security awareness training, SANS, offers these five steps, also available in more detail as a Top 5 Tips for Working Securely from Home download (PDF, 1.04 MB).

1. YOU are the best defense against social engineering attacks

Don’t let attackers trick you into giving them your login information or personally identifiable information (PII). They’ll try to do this by creating a sense of urgency, posing as tech support or someone you know. Information Services will never ask you for your password.

2. Secure your wireless network

  • Change the default administrator password
  • Enable strong security by requiring a password and enabling encryption
  • Make the passwords strong

3. Be smart with passwords

SANS recommends using a multi-word passphrase to ensure a strong password with many characters. Use different passwords for your KNET account and other accounts, and manage all the passwords with a password manager such as KeePass.

4. Keep software updated

Ensure your computers and mobile devices install software updates promptly, enabling automatic updating whenever possible.

5. Keep kids and guests off your work devices

They can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.