The rapid spread of the coronavirus (COVID-19) is forcing many colleges and universities to send staff and faculty home. In the best case scenarios, higher ed leaders are allowing employees to take college equipment off campus property with them, such as a laptop or word-processing software that can be operated offsite with relative ease.
In these cases, colleges and universities need to have IT asset tracking mechanisms in place to ensure this equipment is accounted for and working properly. Here are six IT asset management best practices for information technology officials to consider.
1. Sign out and track all IT assets that are being taken home. No IT assets should be allowed to leave a campus site for the first time without formally accounting for each movement.
2. Make sure solid firewall and passcode protections are in place for accessing company systems. Colleges that have implemented proper IT asset management procedures will “scale up” to accommodate a shift in traffic from the workplace to remote access.
3. Consider requiring staff and faculty to sign a Non-Disclosure Agreement (NDA) about the data they will have access to outside the office.The data is often significantly more valuable than the IT assets in which it is contained. Vital company information may be at stake and an NDA sends a message to employees that they have serious responsibilities that must be honored and respected.
Related: 10 free higher ed resources during coronavirus pandemic
Related: How to prep faculty for e-learning during coronavirus closures
4. Provide education and training to staff and faculty about how to responsibly manage their equipment and the university’s data. For example, parents who are accustomed to allowing a child or spouse to use a personal smartphone or computer must be coached to avoid doing so with campus IT assets. Colleges may also elect to forbid the use of IT assets on public Wi-Fi networks, such as coffee shops and fast-food restaurants.
5. Monitor faculty and staff data use and other remote practices. It would be nice to assume everyone will follow the rules and be a team player, but that doesn’t always happen. Any potential for mischief or data abuse may be heightened in a work-from-home environment. Remember that most data breaches are caused by insiders, not outside hackers.
6. Tighten up the reins on Bring Your Own Device (BYOD) practices. The reality is that the longer someone is out of the office, the more likely it is that they will do university business on their personal smartphone, computer, tablet or other Bring Your Own Device (BYOD) asset. A device that is BYOD could simply be a personal phone that receives work emails. If the faculty or staff member’s contract or policy language does not give the data rights to the organization, the IT asset manager will need to make an addendum giving the rights to the organization. The employee may own the device, but the work-related data is 100 percent owned by the college or university.
Barbara Rembiesa is president and CEO of International Association of IT Asset Managers.
