Tufts places a high value on security and keeping our information and resources protected. This page outlines those required and recommended guidelines for securely working with technology at Tufts. Please take note of the University's expectations and best practices, especially when accessing Tufts resources or data remotely and/or from a personal device.
Disclaimer: This page/document does not specifically address expectations when traveling, whether domestically or internationally, or when working remotely from outside the United States.
IMPORTANT: If you were issued a Tufts-owned and TTS-managed device in the past 2 years, all of the key software and security features should be in place and you do not have to do anything except:
- Accept and install software updates/security patches when the become available
- Do not delete or disable key software and/or security features that were turned on
Those on older machines or if using a Tufts-owned but not managed or personal device should check security standards and ensure their operating systems and other software are up-to-date and encryption is enable. See details below.
Device Usage Policy
- Tufts Staff: Central Administration and School Administrators must use Tufts owned computers that are managed centrally by TTS for accessing and performing Tufts work that involves institutional information.
- Only exceptions if:
- Working with data that is defined as public data
- You are only accessing your own personal information
- Accessing your Tufts email & calendar (See “Access and Use Email” in section 5 below)
- On an infrequent basis, when using the TTS virtual desktop service.
- Only exceptions if:
- Tufts Faculty: Faculty are also encouraged to use a Tufts-owned and TTS-managed device for performing Tufts work that involves institutional information. However, faculty may have the occasion to use a personal device (tablet or laptop) when teaching or doing research. In these cases they must ensure the device meets computer standards and follows security protocol outlined below.
- Tufts Students: Students follow the BYOD (bring your own device) model and must adhere to the recommended computer guidelines and security protocol outlined below.
Request a device: If you do not have a Tufts-owned and TTS-managed device and believe you need one, please contact the 24/7 TTS Service Desk at 617.627.3376 or firstname.lastname@example.org.
Request a checkup: If you have a Tufts-owned but not managed device and would like a routine maintenance and security checkup, please contact the 24/7 TTS Service Desk at 617.627.3376 or email@example.com.
For emergencies when a Tufts owned-TTS managed device is not available, TTS has a loaner laptop program.
- Tufts-owned: A device purchased using Tufts funding or a grant but managed locally.
- Tufts-owned & TTS-managed: A device that was purchased centrally using Tufts funds and is managed centrally through the Tufts Technology Services (TTS) department
- Personal: Any device (laptop, desktop, tablet, mobile) that was purchased using personal funds and is managed by you.
Details on Technology Device Expectations and Usage, including other types of devices, can be found below.
Securely Working with Technology Protocol
Download the full TTS Guidelines for Securely Working with Technology guide with links to all detailed content found in the sections below.
When working remotely with Tufts information or resources, you are responsible for:
- Your working environment including using technology appropriately.
- Protecting Tufts data and systems and for complying with all related laws and regulations and University policies, guidelines, licenses and agreements.
- Routinely monitoring university communications on policy changes and complying with changes in all applicable policies and guidelines.
The policies you are required to follow include, without limitation, include: Business Conduct Policy; Information Stewardship Policy; Use of Institutional Systems Policy; Data Classification and Handling Policy; Information Roles and Responsibilities Policy; Email Policy; Box Use Guideline; Cloud Computing Services Policy; and Records Policies and Guidelines.
You are also responsible for following any policies or guidelines your unit, school, or office has developed that may place additional restrictions on the devices and services you use, especially if you perform that work off-campus, and/or using personally owned devices.
Additional information can be found on the Policies & Guidelines page.
Below is a list of key technology services and tools to enable the community to connect and collaborate successfully in their work at Tufts. A full list of technology services can be found on the Tufts Technology Services website along with practical online guides for using them.
|Service||Recommended & Supported Service/Tool||Links|
24/7 TTS Service Desk
(also offers remote assistance)
|Chat/Instant Messaging||Microsoft Teams|
|Online Meetings/Video Conferences||Zoom|
|Access, Store & Share content||Box|
|Email & Calendaring||Office 365||
|Access to Software||
|Secure & Private connection||Tufts Virtual Private Network|
|Loaner Laptop||TTS Laptop Loaner Program|
Tufts-owned & TTS-managed Laptops & Tablets
All Central Administration, School and Clinic Administrators are required to use Tufts owned-TTS Managed laptops. If you require a tablet to perform work duties beyond accessing email you can request a TTS managed tablet. See the later section on usage guidelines for personally owned devices.
Laptops and tablets will come prepared with the standard suite of software, appropriate security controls, and TTS central management and security tools.
How do I know if my device is TTS managed?
TTS managed laptops and Tablets will have a Tufts asset tag applied to the outside of the device. If you are uncertain if your Tufts provided device is TTS managed, contact the TTS Service Desk after checking for the presence of the Tufts asset tag.
Guidelines for Using a Tufts-owned devices
- Keep Software (OS and other) Up-to-date
- Use for Tufts business; limit personal usage
- Use a Strong Password
- Manually Lock Your Screen or Power Off every time you leave your computer
- Keep Automatic Screen-lock
- Don't Change Standard Privacy Settings
- Apply Patches & Updates
- Don't remove security software or change settings
- Use a Tufts-owned and managed tablet for work other than email and calendaring
- Keep hard disk encryption on all laptops enabled.
Personally-owned laptops, desktops, tablets, phones & other devices
For personally owned equipment, you are responsible for installing and maintaining the technologies to the standards set forth in these Guidelines. Personally owned devices can be used to access public data and your Tufts email and calendar.
Guidelines for Using a Personally-owned devices
- Use Tufts Virtual Desktop with personal devices (with some exceptions)
- Require a Password and Use a Strong one
- Manually Lock Your Screen or Power Off when you leave your device
- Set Your Screensaver to Automatically Activate
- Review Privacy Settings
- Apply Updates/Patches
- Install and Use Antivirus Software
- Configure the Firewall & Privacy Settings
Using ALL DEVICES: Laptops, Desktops, Tablets, Phones & other Devices (Tufts-provided or personally-owned)
Guidelines for Using ALL devices
- Only Install Trusted Applications
- Protect your WiFi and Bluetooth settings (disable mobile hotspot, sharing between phones, check bluetooth sharing/pairing settings)
- Limit sharing of devices
- Physically protect all portable devices
- Do Not Allow People you do not know and trust to connect to your devices
Accessing Tufts Services - Using Your Home and Tufts Network
Guidelines for Accessing Tufts Services
- Use the Tufts Virtual Private Network (VPN) when connecting to the Tufts internal network or data from off campus for those Tufts services that require it.
- Use Two-Factor Authentication (2FA) and Beware of Unexpected Requests
- Securely Configure your Home/Off-site Wireless or Wired Network
- Use Tufts-Secure WiFI when on-campus
- Use Tufts Virtual Desktop when needed to access a service
- Access and Use Email Carefully
Guidelines for Data Management
- Understand Tufts Rights to Institutional Data regardless of location or device ownership
- Know where Data is Stored and Store it only in Approved Locations
- Separate Personal and Institutional Information
- Back-up your Data
- Access Only What is needed
- Securely Delete or Return Data when No Longer Needed or Upon Request
- Securely destroy any Paper Documents when no Longer Needed or Upon Request
Selling, Transferring, or Disposing of any Device
Guidelines for selling, transferring, or disposing of any device
- Securely Erase all Devices When Your Use Ceases
- Return any Tufts-owned Device when Your Use Ceases or Employment Ends
Reporting Lost Devices and other Security Incidents
Guidelines for reporting security incidents
- Report a Lost Device or any other Security Incident Immediately by
- Contacting the TTS Service Desk (617.627.3376) and
- Follow the steps in Reporting Information Security Incidents.
- If Stolen, also report the theft to the TUPD at (617) 627-3030 or the local police.