Overview
Bring Your Own Device (BYOD) is the act of using a personal computing device (computer, tablet, phone, etc.) for work or business-related activities. SUNY Potsdam understands the benefits for faculty and staff to use personal devices for work related tasks. Computing & Technology Services is committed to providing the best user experience to all members of the campus community while maintaining a secure environment. However, the use of BYOD when accessing, creating, and managing College data can present issues. The main area of concern is information security. SUNY Potsdam must ensure the College remains in control of data for which it is responsible regardless of the device used to process it. Employees who wish to use their personal devices must abide by the policy below. SUNY Potsdam is not responsible for the purchase or costs associated with use of personally owned devices.
Purpose
This policy defines the appropriate use and procedures for using personally owned computing devices on the SUNY Potsdam network and the storage of intellectual property, sensitive data or College licensed software.
Scope
This policy applies to faculty, staff, vendors and any other user that utilizes the network or computing resources provided by SUNY Potsdam for business related activities with a personally owned device such as:
- Portable computers; e.g.; laptops, notebooks, netbooks
- Portable storage media; e.g.; USB storage devices, flash memory cards, CD/DVD ROM
- Mobile devices; e.g.; cellular smartphones, Tablet computers
In some cases, these restrictions may be lifted by other official policies pertaining to certain staff, systems, or processes.
User Responsibility
Before faculty or staff make use of a personally owned device, every effort should be made to make use of College provided technology first. If this technology is not sufficient for a task your position requires, please consult with your supervisor who then should escalate the issue to the IT Service Desk.
All relevant College policies still apply to Faculty and Staff using BYOD. Please be sure to familiarize yourself with the following relevant policies and best practices.
Access to College owned data from personally owned devices is permissible from on and off campus when it is required to perform job responsibilities. However, for the security of College owned data, the following are not permitted:
- Storing a local copy of College owned data to personal devices
- Accessing or storing SUNY Potsdam’s Personally Identifiable Information (PII) or sensitive information on personally owned devices
- Accessing College owned data for reasons other than job responsibilities
- Distributing College owned data to non-authorized persons
- Use of software application licenses belonging to SUNY Potsdam when the device is no longer used for College business
- Devices that are no longer supported by their manufacturer and no longer receiving OS or security patches
Faculty or Staff who take advantage of BYOD must take responsibility for their own device and its use, which includes:
- Familiarizing themselves with their device and its security features so they can ensure the safety of College owned information
- Make use of relevant security features including enabling screen lock passwords known only to the employee using the device
- Avoid use of easy to guess passwords that permit access to campus owned information
- Do not reuse a password that was used for a personal service (e.g. bank)
- Maintain the integrity of the device by applying all Operating System patches and Virus/Malware Definition updates
- Maintain a support agreement for hardware and software related issues (CTS does not provide support for personal technology devices)
- Monitor the download and installation of malicious software
- Notifying Computing & Technology Services of any theft or loss of the personal device containing data or software application licenses belonging to SUNY Potsdam
The College reserves the right to prevent access of a particular device to the campus network or system if the device poses a threat to the integrity of our information technology assets. The College also reserves the right to retrieve and remove College owned data from unapproved devices.
Devices & Support
All devices connected to the SUNY Potsdam network are required to adhere to the Acceptable Use Policy. Devices must be registered under the user’s account and be current on all software updates and anti-virus solutions.
Technical support for personally owned computing devices is limited to the following:
- Troubleshooting network connection issues while on the campus Wi-Fi network
- Troubleshooting and installation of approved campus software resources (Note: some software licensing agreements restrict usage to College owned equipment only)
- Troubleshooting of Microsoft O365 web client
- Configuration of the VPN client to allow access to secure resources with approval
- Providing software application support if the software is required to perform job functions as determined by Computing & Technology Services
- Note: It is the responsibility of the device owner to have and provide authentic, individually owned and registered software before assistance is provided such as, but not limited to, a valid license for their operating system on a computer or device “Jailbroken” or “kracked” operating systems are not allowed
Examples of support services that will not be provided include, but are not limited to:
- Troubleshooting device performance or hardware problems
- Installation of new or replacement hardware
- Troubleshooting software applications or cloud services not required for job functions
- Installing Operating system updates, patches or software applications not required for job functions
- Backing up device data or migration to another device
- Third party email clients/accounts
- Removal of malware, spyware or virus
Sanctions
Violators of this policy will be subject to the existing employee disciplinary procedures of SUNY Potsdam. Sanctions may include the loss of computing privileges. Illegal acts involving SUNY Potsdam computing resources may also subject users to investigation by campus, local state and federal legal authorities.