Information Security Reminders for Remote Work

Many of us are working remotely for more than a few days or for the first time. Lots of things may be new and will take getting used to. There are some things that you should remember about information security as you begin this alternative way to work.

CISO Office Hour Webinar: Information Assurance and Security

If you take equipment home from the campus:

  • Keep it physically secure
  • Don’t let others use it
  • Log off and power down when not in use
  • Keep up with software and antivirus updates

Using personal equipment for remote work:

  • You can use your personal computer, laptop, tablet, and phone to work from home if you choose so long as the data remains in the cloud (e.g. Google Drive, Box). 
  • Never download personally identifiable information, sensitive FERPA information, health information, or other confidential information to your personal device. PHI must be stored on a university system. Other confidential information can be stored in Google Drive or Box.
  • You should load software required to use the campus virtual private network (VPN) if you need to access applications only available to on-campus addresses. The VPN may let you access departmental file shares. Remember, don’t download data, work in the file share.

Securing personal computers for remote work:

  • Create a separate non-administrator account for your work-from-home items
  • If your computer supports disk encryption, especially for a laptop, turn it on  
    • Windows: Not all Windows versions support BitLocker.
    • Mac: FileVault
  • Keep system up to date with automatic updates
  • Keep antimalware (antivirus) up to date
    • If you don’t have antimalware, Sophos offers free antimalware for home users that is similar to the software widely used on campus
  • Turn the firewall on
    • Windows: Windows Defender
    • Mac: Firewall in the Security and Privacy area in system settings

Other things to consider and remember:

  • Secure your home wireless network. There’s a great guide for this from SANS.
  • Google 2-step authentication helps protect your Connect account. Turning it on is fast and easy. It will prevent anyone from accessing your account if your password is compromised. You should do it for your personal Google account too.
  • Watch out for fraud spam and phishing. Phishing, especially COVID related phishing is on the rise.
    • TNO (Trust No One) - be skeptical. It’s easy to use a fake “from” name
    • Watch out for #fakenews and rumor spreading
    • Don’t click it -- Don’t open it
    • If you have to -- check the URL or attachment at virustotal.com. Virustotal uses the collective power of dozens of antivirus products to check attachments and websites for malware. If anything shows up as suspicious, don’t open it.

Virtual Private Network (VPN):

  • Many applications only work on-campus
  • VPN provides a way to get a campus address
  • If you can’t access an application, try the campus VPN
  • Student Affairs and the Library have their own VPNs 
  • Get started from the campus VPN page

Zoom:

  • Zoom is a great tool, but criminals like to use it to cause problems. There are steps that you can take to use Zoom productively and securely. You can find more information here.

...