Best Practices for Securely Working Remotely
Please note: personally-owned computers used by multiple people in the household are unlikely to meet the minimum security for networked devices standards. Risks to consider with home systems include:
- Multiple users with administrator access allow for download and spreading of malware
- Insecure configurations leaving the systems vulnerable to attacks
- Home use software installed that are not supported and may not be patched for vulnerabilities
- Institutional information downloaded or cached to the machine may be exposed to other family members
It is highly recommended that remote workers use university-owned, and managed, equipment when working from home.
Keep Work Data on Work Computers
Using a personally-owned device to do University business puts both you and the Campus at risk. If you do not have a work computer to use at home, you must follow these practices.
Update and Patch
Update everything on your devices, including operating systems, web browsers, and applications. Attackers can exploit vulnerabilities in old versions of software.
Use Anti-Malware Software and a Firewall
Install anti-malware software (anti-spyware, anti-virus) and enable a firewall on your device(s). Default firewall settings are acceptable for current Macs and Windows Computers, but be sure to verify that they’re turned on.
Avoid Public Wi-Fi
Do not use public Wi-Fi when logging into campus systems with your University-owned laptop or your personal laptop when doing University work remotely.
Protect the Data on Your Device
Sensitive/notice-triggering data must not be stored on a laptop (or any other portable device) unless absolutely necessary and, if so, must be strongly encrypted. The two most common methods to protect data on laptops are “whole disk encryption” and “file encryption”.
- Whole Disk Encryption Software protects the entire hard drive
- File Encryption Software encrypts a file or folder
In addition, enable a lock screen on your phone and be sure the settings are enabled to erase/wipe should the device get stolen.
Never leave your device unattended, always lock your doors, and never leave your device in a vehicle – not even in the trunk. Keep work laptops and devices secure at all times while working remotely.
Lock Up Your Laptop
Lock up your laptop when you step away, even at home. Incidents happen, and it is good practice to lock up your laptop when you are not using it.
Password-Protect Your Devices
Password-protect all of your devices with a strong password or PIN. Set them to lock the screen after no more than 15 minutes of inactivity. Shorter is even better.