Securely Working From Home
Just as the university is a target, so too are you at home. Your personal information, accounts, emails, and even your systems at home are valuable to cyber-attackers. Not only can remote workers have their own privacy put at risk, working from home could result in breaching university information as well. This is why it is essential that when working from home, you follow the university’s information security guidelines. Read on for some additional steps you can take to create a more cyber-secure home environment.
Plan Ahead for Remote Work
Be ready for Two-Step Verification: If your only two-step option is currently a call to your campus phone, you can add two-step to your cell phone.
Identify the computer you will use remotely: Make sure it's updated and in good working order. Many university web services like M365, Blackboard, Banner, Library services, Microsoft Teams, and even Zoom all work on iPads, Chromebooks and other mobile devices as well.
Know how to find your files: Check in with your department or Information Services to make sure you know exactly where your important files are stored, and how to access them remotely from your computer. Know the best way to connect to the files you depend on.
Take a dry run: After reviewing this guide, try using all these tips at home in advance.
Identity Social Engineering Attacks
First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you by attempting to trick you into clicking on a link or attachment. The most common indicators of a social engineering attack include:
- Urgency:Messages or calls that create a sense of urgency, often through fear, intimidation, a crisis, or an important deadline. Scammers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government, or international organizations.
- Unsolicited Requests: A message or phone call that pressures someone to bypass or ignore security policies and procedures to submit personal or financial information.
- Unusual Wording: A message from a friend or co-worker in which the signature, tone of voice, or wording does not sound like them.
Secure Your Home Network
Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. Use following steps to secure it:
- Configure the network settings:Older Wi-Fi settings use weak forms of encryption, such as WEP. Instead, be sure you are using WPA2, which uses advanced encryption to protect your network activity.
- Change the default settings: The administrator account is what allows only you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided. Next, change the default name of your wireless network, commonly known as the SSID. Choose a name that cannot be tied back to your address or your family name.
Not sure how to do these steps? Ask your Internet Service Provider, check their website, or check the documentation that came with your wireless access point, or refer to the vendor’s website.
Use Strong Passwords
When a site asks you to create a password, create a strong password or passphrase, the more characters it has, the stronger it is. It is important that all of your Internet connected devices have a strong account password.
- Use a passphrase: One of the simplest ways to ensure that you have a strong password is to use a passphrase. A passphrase is nothing more than a password made up of multiple words, such as “junkyard bees sounds inviting ” You can add numbers and symbols throughout to make it more secure.
- Make it unique: Using a unique passphrase means using a different one for each account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe.
- Try a password manager: Cannot remember all those passphrases? Use a password manager like “Lastpass”, which is a specialized program that securely stores all your passphrases in an encrypted format.
- Enable two-factor authentication for each account: Two-factor authentication uses your password and adds a second step, such as a code sent to your smartphone or an app that generates a one-time code.
Update Your Software
Make sure each of your computers, mobile devices, programs, and apps are running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use in order to hack into the devices and steal personal information. By ensuring your computers and mobile devices install updates promptly, you make it harder for the devices to become compromised.
- Enable automatic updates: To stay current, simply enable automatic updates whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles, and even your car.
Protect Your Network Activity
Surfing the web or making transactions on an unsecured network, such as public Wi-Fi, means you could be exposing private information to an eavesdropping cybercriminal. One way to protect online privacy is to use a Virtual Private Network (VPN). A VPN will provide an additional layer of security by encrypting data in transit.
Use Antivirus Software
A good antivirus software can act as a line of defense by detecting and blocking known malware. Even if malware does manage to find its way onto your device, an antivirus may be able to detect and in some cases remove it.
Data can be lost in a number of ways, including human error or a cyberattack. Ransomware and other types of malware can wipe entire systems. Be sure you have a backup of your information and are using appropriate storage options for university data.
Personal Computer Note: Avoid using a shared personal computer for university business. If this is your only option:
- Save files in an approved university storage option.
- Use university cloud based applications whenever possible.
- Disconnect from the university VPN when not working on university business.
- Do not save your account password to the computer.
- Create a separate account and password for reach individual using the computer.
Mobile Device Security
Mobile devices, including Smart Phones, are portable computers that should be secured the same as any computing device. Adhere to these practices:
- Lock your phone with a PIN or password.
- Avoid storing sensitive data on your phone.
- Use caution when connecting to public wireless networks.
- Update your mobile device apps frequently.
- Disable Bluetooth and Wi-Fi when not in use.