InfoSec Blog - Working from Home Securely
March 18th, 2020 (Updated April 15th 2020)
Working from home just got very real for most of us. While you are probably focused on making sure you have the technology you need to work from home, security may not be top of mind. However, it is still very important to remain vigilant in order to protect your devices, your personal information, and the University.
This post is intended to help you stay safe and secure while you adjust to the reality of working from home. Rest assured that the Information Security team is still hard at work and available as a resource if you have questions or concerns. Please do not hesitate to reach out to us via email (firstname.lastname@example.org) or by submitting a ticket to the CCS Help Centre (IThelp@uoguelph.ca).
- For a list of CCS support resources to help you work from home, visit our Working Remotely website.
- For support with teaching remotely resources, visit the OpenEd Academic Continuity website.
- For tips and best practices for setting up secure video conferences where sensitive or confidential business information will be shared, visit the Information Security blog on that subject.
- If you are a Managed Desktops client and you have that device at home, you already have the appropriate security settings in place and you are ready to work.
- If you have a device that is managed by another IT department, you should have the appropriate security settings in place. However, please check with your IT admin and review the list below to ensure all steps have been taken.
- If you are using a personal computer to connect to the University from home:
- That system must have anti-malware software installed to protect your account and the campus network. McAfee VirusScan for Windows can be freely downloaded from the Software Distribution site. For Macs, we recommend Avast Antivirus which is available for free.
- Ensure that your computer and other devices used for work purposes are up to date with the latest operating system and application updates. Remember to patch your internet browsers and productivity tools as well. If possible enable automatic updates.
- While working from home, do not download or store sensitive University data on your home computer.
- Reminders for all users:
- Do not use public WiFi networks to conduct University business.
- Ensure all of your devices are protected by a strong password.
- Be sure to lock your screen if you are working in a shared environment and make sure your family and friends understand that they cannot use your work devices.
- Stay vigilant with your email and watch for phishing messages and scams. Be sure to report suspicious messages to InfoSec so that we can take action by forwarding them to email@example.com.
- Be on the lookout for social engineering attacks. While we are all working diligently to keep the operations of the University going amid this pandemic, the bad guys are just as busy trying to capitalize on it. We have learned about a number of reported COVID-19 related scams that you should know about which you can read about on our COVID-19 Scams page.
- Secure your wireless network at home:
- Change the default admin password on your wireless router.
- Enable WPA2 encryption and use a strong password for access to your wireless network.
- Be aware of all the devices connected to your home network, including baby monitors, video doorbells, gaming consoles, TVs, appliances, etc.
- Review our blog post on Securing Your Home Network for more tips.
- Make sure all of your accounts have unique passwords and consider using a password manager to securely manage them. Review our blog posts on complex passwords and getting started with a password manager for more information.
On a more personal note, be sure to maintain your sense of work/life balance and keep a positive mental outlook while working from home. SANS has some great tips on making the best of working from home.
Stay safe out there and know that CCS and Information Security are right here with you and ready to help in whatever way possible.
Written by: Stephen Willem (Chief Information Security Officer)