Mobile and Home Office Security

Generally, all security measures and recommendations for your work or study place also apply to working at the flexible workplace.

However, special attention is required when accessing internal university information and programs from outside the University of Münster. Be aware of the way you access university data and programs so that no information can be accessed by unauthorized individuals.

  • Working with a Work Device at the Flexible Workplace

    In general, you should work with a work device instead of a private device at the flexible workplace, if available.

    • Store as little data as possible locally on the device, instead use the network drives of the University of Münster (for more information, see tips for storing information).
    • Keep work-related and private information separate and store only work-related data on the work device.
    • If you use a non-university Internet connection at the flexible workplace, VPN (Virtual Private Network) has to be used. VPN enables access from outside the University of Münster to offers that are only available in the university network (including journals, databases, software, network drives), e.g. for legal reasons and protects insecure networks (e.g. hotspots, WLAN at home). Here you can find more information about VPN and instructions on how to set it up on your computer. The login is done by 2-factor authentication using OTP.

  • Work with Private Devices at the Flexible Workplace

    Work-related information is not allowed to leave the jurisdiction of the University of Münster. Always keep work-related and private data separate. Safe access paths from your private devices are:

    • You can access your official device within the University of Münster from your private device using Remote Desktop Protocol (RDP). You can use Remote Desktop Protocol (RDP) after establishing a VPN connection. Remote desktop allows you worldwide access to your workstation, use of office programs, LaTeX and SPSS etc., access to printers and personal storage space (drive U:).
    • You can use VDI (Virtual Desktop Infrastructure) to access a personal virtual computer from your private device. VDI can only be used in arrangement with your IVV via VMware Horizon. With the help of a ZeroClient or the VMware Horizon software, the own virtual desktop can be accessed from anywhere. The login is done by 2-factor authentication using OTP.
    • If the VDI is used, no VPN is usually necessary.
    • Disconnect your private device from the network of the University of Münster again after the work-related use is finished.
    • Technical options and help with the setup can be requested from the responsible IVV.
    • Store data exclusively in the network drives of the University of Münster and not locally on your private device (for more information, see tips for storing information).

Mobile Devices

When using the Internet via mobile devices, such as smartphones or tablets, the same threats that apply to computers have to be expected.

Due to the increased risk of loss of mobile devices, they must be encrypted if they contain work-related data. Also see the regulation on the encryption of mobile devices.

  • General Recommendations

    • Screen locking needs to be set up and access needs to be secured with password/PIN.
    • The display of messages on the locked screen has to be deactivated.
    • Network connections have to be secured (WLAN, Bluetooth, NFC), especially unused connections and automatic connection (to public hotspots) have to be deactivated. VPN should always be used in public WLAN networks.
    • Data and storage on mobile data mediums (USB hard drive, USB stick, etc.) and on mobile devices (laptop, smartphone, tablet) have to be encrypted.
      • Encryption protects content from unauthorized disclosure and manipulation.
      • Sensitive information in particular needs to be encrypted (e.g., personal data).
      • Different encryption solutions depending on the purpose (entire drives, individual files, cloud):
        • simplest solution: encrypted ZIP file (with 7-ZIP)
        • other solutions: BitLocker, VeraCrypt, FileVault, LUKS, Cryptomator.
    •     Antivirus programs for smartphones provide limited protection, so special attention is needed.
    • Only install necessary apps, uninstall/deactivate unnecessary apps.
    • Research new apps before installing and only acquire apps from official sources (Google Play for Android or App Store for Apple).
    •     For further information, also see recommendations for using mobile devices at work.

  • Recommendations for Employees

    Use the Exchange system for work-related e-mail, contacts and appointments. The system enables automatic implementation of security recommendations (if supported by the device) and remote deletion of the data on the device in case of loss.

    Store sensitive person-related information only on servers of the University of Münster.

    The BSI has produced a guide regarding mobile security in which most of the required protection points are compiled thematically.