DIT has provided a list of guidelines for data security while teleworking:

1. If you receive a Duo MFA alert, do not press APPROVE unless you are personally trying to log into your account. Receiving that alert when you are not actively trying to log in means that someone knows your Directory ID and password and is trying to use them. Change your password immediately at password.umd.edu.
2. Conduct university business using your university email account. Institutional data such as FERPA-protected student information cannot be stored on or sent to/from your privately owned computer or email account. Do not forward your umd.edu email to a personal account such as Gmail. If you need to work with FERPA-protected student data or other sensitive information at home and lack a UMD issued computer, you can utilize the UMD Virtual Workspace or contact us about remote desktop services.
3. Continue to be alert to messages that appear to come from colleagues or supervisors but instead come from non-university accounts that look similar to a real one. This is especially true if the message is asking you to do unusual things such as purchasing gift cards or performing wire transfers. Forward any questionable messages to spam@umd.edu for review.
4. If you are using a university-owned computer at home, periodically (about once a week) use the UMD-provided VPN software so that your computer can update its licenses and software.