Purpose
The purpose of this policy is to ensure the integrity and security of Teachers College’s information technology resources by regulating the devices that gain access to the TC network.
Scope
This policy applies to all students, staff, faculty members, officers, employees, and affiliates of Teachers College, Columbia University, including extended learning sites, guests, tenants, visitors, contractors, consultants, vendors, individuals authorized by affiliated institutions and organizations, and all others granted use of and/or access to Teachers College, Columbia University technology resources and data.
Policy
Access to the TC network is achieved through any of the following four channels:
Wired
Any new wired device requests should be submitted to the Service Desk for approval and processing. Other than certain on campus housing units, personal routers, switches, printers and wireless access points are not authorized to be plugged into any hardwire port on the TC network. If a TC staff/faculty member is unsure whether they can connect a specific device, please open up a Service Desk ticket for approval.
TC-Secure Wireless
TC-Secure affords secure wireless connectivity to active TC staff and faculty while on-campus.
Staff and faculty can connect to TC-Secure via two methods - TC-owned devices for elevated access privileges, and personal devices for secure internet access. Access to TC printers and on-campus presentation streaming devices is allowed from personal computers connected to TC-Secure as well. Whether connecting via TC-Owned or personal, both are covered by TC’s security services, and offer staff and faculty enterprise-grade security when accessing the web.
Eduroam Wireless
Developed for institutional research and education, Eduroam is a roaming wireless access service that allows students, faculty, staff and visitors access to the internet using their UNI not only at Teachers College but at over 1000 institutions in more than 100 countries.
Students and faculty can connect to the Eduroam wireless network for secure internet access while on-campus. Access to TC printers and on-campus presentation streaming devices is allowed via Eduroam as well. Eduroam users are covered by TC’s security services, and offer students enterprise-grade security when accessing the web. Because the TC Eduroam service is hosted by Columbia University IT, students and faculty can access Eduroam automatically when traveling to the main campus, without having to re-authenticate.
TC-Guest Wireless
Guests of TC can connect to the TC-Guest wireless network from any personal device for 24 hours of internet access as well as access to on-campus presentation streaming devices. There is no limit to the number of 24-hour access periods that a guest user can sign up for, but they are required to authenticate with their name and email address each time. While this network is protected by TC’s security services and offers guest users enterprise-grade security when accessing the web, it is a guest network and therefore, devices should have their own antivirus and anti-malware software running for their own protection.
Permission to access these networks is defined by device type in the sections below:
1. 0 TC-Managed Desktop Computers, Laptop Computers, and Tablets
TC-Managed devices (tagged and configured by the Service Desk) can connect via wired connections, as well as wirelessly via TC-Secure.
2. 0 Printers
Printers should be connected via wired ports for network connectivity. If a printer is wireless-only, then a request should be sent to TC’s Service Desk in order to get it connected to the TC wireless.
3. 0 Personal Laptops, Tablets, and Mobile Phones
Personal devices are not authorized to be connected via wired ports. Wirelessly, they can be connected to TC-Secure, Eduroam, or TC-Guest depending on the user type. Staff should connect to TC-Secure. Faculty have the choice of connecting via TC-Secure or Eduroam. Students should connect via Eduroam and guests should connect via TC-Guest.
4. 0 Internet of Things Devices
Internet of Things (IoT) devices are computing devices embedded in everyday objects, such as voice-activated smart speakers. The biggest concern surrounding the use of these devices is privacy, as these devices are always listening and sending recordings to the cloud back-end. These devices may have recordings reviewed by humans with the premise of helping improve the interactive experience with the devices.
Members of the TC community who want to connect IoT devices, such as smart speakers, to the TC network must make an official request by contacting TCIT at servicedesk@tc.columbia.edu or by calling 212-678-3300. Failure to do so will result in the IoT devices being deactivated and removed from the TC network.
The TC community is expected to follow the following protocols for using IoT devices:
- Faculty and staff must disable IoT devices, such as smart speakers, when meeting with students. In the interest of privacy, faculty and staff must mute or turn off devices such as smart speakers in their offices during meetings with students.
- Review the IoT device privacy policy. Check with your device manufacturer for this and become familiar with it.
- Review the privacy and security settings. Choose security and privacy settings you are comfortable with. Don't just accept the out-of-the-box settings, which tend to err on the side of sharing more information with the manufacturer rather than emphasizing your privacy.
- Change the "wake" word that activates your device. For smart speakers, change the wake word to something unlikely to occur in everyday conversation, and that visitors will not know. Be aware that devices can hear sounds through residence hall or apartment walls and through windows.
- Use two-factor authentication. Protect the service account (for example, the Google or Amazon account) linked to the device by enabling two-factor authentication if it is offered.
- Keep software and devices up-to-date. Regularly check for and install software and firmware updates. Enable auto updates where available.
- Connect the device to a trusted network. Connecting IoT devices to TC’s wireless network will require support from the Service Desk.
- Set a strong, unique password for each device and service. Immediately change default passwords that come with the device. Set a different password for each device and service.
- Delete/erase stored recordings. On a regular basis, erase or delete recordings that your device may have saved (for example, voice commands).
- Use caution when connecting third-party extensions. Be aware of the personal information you are sharing with them.
- Disable features you don’t use. Turn off the microphone and camera or mute a device when you aren’t using it. Turn off voice purchasing if not needed, or set a purchase password to prevent inadvertent or unauthorized purchases.
- Do not connect a debit card to a device. Only a credit card will shield you from full liability for fraudulent purchases. Debit cards do not offer the same protections; it is best not to use them for online purchases.
Responsible Office: Teachers College Information Technology
Effective Date: February 1, 2021
Last Updated: January 15, 2021