Remote Access Policy
Purpose
The purpose of this policy is to define standards for connecting to the Babson College network from any remote host. These standards are designed to minimize the potential exposure to the College from damages which may result from unauthorized use of College resources. Damages include the loss of sensitive or personal data, intellectual property, damage to public image, and damage to critical internal systems.
General/Definitions
Affiliates: Personnel who are not faculty, staff or students at the College who require access to the Babson College network to perform work for the College.
Anti-virus: Software that protects computers from malicious programs when configured appropriately.
Firewall: An application intended to restrict access to a computer. The firewall application should be set to restrict access unless required by specific applications.
Personal Information: An individual’s first name and last name or first initial and last name in combination with one or more of the following data elements: social security number, driver’s license number or state-identification card number, or financial account number, or credit or debit card number, with or without any required security code, access code, personally identifiable identification number or password, that would permit access to a resident’s financial account. (Massachusetts General Law Chapter 93H)
Remote Access: Any access to the Babson College network through a non-college controlled network, device, or medium. Remote access includes access from an employee’s home.
Sensitive Information: Data whose disclosure would not result in any business, financial or legal loss but involves issues of personally identifiable credibility, privacy or reputation. The security and protection of this data is dictated by a desire to maintain staff and student privacy.
Spyware: Applications generally installed without the knowledge or consent of the user. These applications then monitor activity on the computer with the purpose of obtaining Sensitive Information or Personal Information that can then be sent to another location or used locally for malicious or undesirable purposes.
Organizational Scope
This policy applies to all College employees, students, contractors and Affiliates including vendors and agents with a College-owned or personally-owned computer or workstation used to connect to the Babson College network. This policy applies to remote access connections used to do work on behalf of Babson College including reading or sending email, viewing intranet web resources, and working with Babson College internal applications and data.
Policy Content and Guidelines
In general, Babson College Information Technology Services Division (ITSD) provides means for remotely accessing services ranging from publically available web sites to email to enterprise applications containing Personal Information. Most remote access will be available via the user’s web browser and will require only that generally accepted, standard precautions be followed. However, users requiring remote access to applications and data that contain Personal Information must submit a justification signed by the appropriate President’s Cabinet member to the Security Committee for approval. Only those users with that approval will be granted remote access.
General Remote Access Guidelines for Personal Computers
- It is the responsibility of Babson College employees, students, or Affiliates with remote access privileges to the College network to ensure that their remote access connection is given the same consideration as the user's on-site connection. This includes the following:
- Implement credible and reputable anti-virus software (the College provides anti-virus software for download). The software must be operating at all time, in real-time scan mode, the virus definition list should be updated at least once a day,and the user must schedule a weekly, full-system scan. Please refer to the documentation for the software being used or contact the Service Center at support@babson.edu if you require assistance.
- Implement anti-spyware to protect private information. The software must be operating at all times and the definition list must be maintained and up-to-date. Please refer to the documentation for the software being used or contact the Service Center at support@babson.edu if you require assistance.
- Enable the built-in firewall that is included in major operating systems (i.e., Windows and Macs).
- Check for vendor security updates and apply them. Periodically, security weaknesses in operating systems and/or applications are discovered and the vendor will then provide security updates to remediate these issues. Enable the automated feature in major operating systems (i.e., Windows and Macs) that checks for and applies security updates. If you have questions regarding the suitability of specific updates, please contact support@babson.edu.
- Establish strong password syntax (i.e., at least 8 alpha & numeric characters) and protect the password. A password is used to provide authentication to an application and/or system. Never share your password with anyone even family members.
- Limit your computer usage to yourself and restrict others from using it especially for internet access because they may unintentionally download malicious software (e.g., key logging program).
- It is the responsibility of Babson College employees, students and affiliates to review the College’s computing policies, including the following:
- Babson College Personal Information Security Plan
- Password Reset Policy
- Acceptable Use Policy
- Affiliates who require remote access privileges will be granted access on a case by case basis. Affiliate access may be requested by contacting the IT Service Center.
- No devices or software may be installed that allows remote access to the Babson College network such as modems, PC remote control software (e.g. gotomypc.com), wireless access points, or VPN servers. All remote access will be provided centrally by ITSD. Remote Access to Personal Information In addition to the general guidelines, remote access to applications and/or data containing Sensitive Information or Personal Information will only be granted to users utilizing a Babson laptop or PC. Furthermore, each case will be treated individually by the Security Committee, ITSD, and the Department Head and the appropriate remote access solution will be provided based on the situation, need, and particular circumstances. Remote access rights for these cases will be granted on a time-limited and renewable basis.
Termination of Remote Access Rights
A users remote access rights will be terminated:
- Upon expiry for time limited rights
- Upon separation from the College, in all cases
- Upon termination of an Affiliate’s contractual relationship
- In the event of violation of this or other College policies regarding information technology
Failure to comply with this policy regarding remote access connection to the Babson College network may result in disciplinary action including termination of employment.
Approval Agency
Vice President for Administration and CIO Vice President and General Counsel
Approval Dates
This policy was originally approved on:
This version was approved on:
This version takes effect from:
This policy will be reviewed by:
Policy Sponsor
Director, Architecture & Development