Original post by Zarmeena Waseem for EDUCAUSE
Here are some helpful tips and effective practices for working safely and securely in a remote environment, whether it’s a temporary situation or a permanent transition.
- Use a VPN
Make use of the corporate VPN at your university for an extra layer of security any time you find yourself on a public or unsecured Wi-Fi network (if you are working at a coffee shop or a library, for example). You can usually request access to the company VPN through your IT department. If your institution does not offer a company VPN, check out a thirty-day money-back guarantee offer here. - Run Your Antivirus Software
If your university provides antivirus software, find out. Some universities equip employee computers with antivirus software or make antivirus software available online for download. You can usually get this information from the IT help desk or the campus security team. If your workplace does not offer antivirus software, MalwareBytes offers a good-quality virus scanner for free and a higher-quality one for purchase after a fourteen-day trial period. Run your antivirus program daily to pick up on any abnormal activity or possibly corrupted/malicious files that need to be quarantined or removed. Keep in mind that your VPN and antivirus software may not play well together. If this is the case, you may need to use one program at a time to make sure each piece of software works effectively. Please consult your help desk for guidance on proper use. - Run Your Updates
Keeping your devices and applications up to date is probably the most underrated way to protect them. It is also the most ignored. Security and software patches are released with most updates. This means that when you ignore an update, you are leaving an application or operating system vulnerable. - Beware of Phishing or Suspicious Emails
If you encounter suspicious messages or attachments, please forward them to the security team at your institution for further investigation. There has been a surge in malicious online activity as cybercriminals and cyberattackers leverage the heightened fear of the public during the coronavirus pandemic. Online criminals are delivering coronavirus-themed phishing messages via emails, direct messages, and text messages. These messages are often alarmist and include links or attachments with the call to action to “learn more.” Clicking the link often results in account compromise, malware delivery, or something else. As always, slow down and double-check the sender field. If a request seems unreasonable or out of character, do not respond. Contact the sender directly to verify it was them who sent the request or email. - Use Strong Passwords
Because there are a lot more threats out there during the pandemic, there are plenty of bad actors looking to take over accounts. The easiest way to protect your accounts from being compromised is to use long, complex, and unique passwords. A good rule of thumb is to make sure that your passwords are at least fifteen characters long and include a number, a capital letter, and/or a special character. The easiest way to accomplish this is to use passphrases that only make sense to you.- DO NOT recycle passwords.
- DO NOT use variations of the same password.
- DO NOT use the same passwords for your professional accounts that you use for your personal accounts.
Recycling passwords, using variations of the same password, and using the same password for professional and personal accounts are all sure-fire ways to have more than one of your accounts compromised in the event of a breach. To keep an eye on what accounts may be exposed, utilize haveibeenpwned.com. If your university has an official password manager, you can use it not only to store but also to generate strong, unique, passwords. If you do not know whether your university uses a password manager, get in touch with your help desk or your security team.
- Employ MFA
Double down on your account security with multifactor authentication (MFA). MFA adds a second check to verify your identity when logging in to one of your accounts. This helps to keep your account from being compromised even if your password falls into the wrong hands. MFA is often done in one of three ways:- SMS (text message). This is the least-secure two-factor authentication (2FA) option, largely because messages are unencrypted and susceptible to SIM hijacking attacks. However, keep in mind that SMS is still a better option than no 2FA at all. With this method, a single-use code made up of a string of numbers is sent straight to your phone.
- Third-party authenticator app. An authenticator app lives on your mobile device, and every time you enter your password, the app generates a one-time code, which you are required to enter. To use a third-party authentication app, you will need to download one (Google Authenticator, Microsoft Authenticator, etc.) from the app store for your mobile device.
- Security key (hardware token). This is the most secure 2FA option. It’s a small physical key that you either carry or plug into your device to complete your login. If your university issues security tokens, you should be able to request one from your IT or security department.
- Maintain a Clean Workspace
If you’re using a shared workspace, be conscious of clearing it of sensitive, nonpublic information, especially if you have to step away. Also, avoid printing out company information at home or in public spaces if it’s not necessary for your business function. In addition, if you are listening in on or participating in meetings that could be considered sensitive or in which you share nonpublic information, be sure to put on headphones. If you have the option, work in a separate, dedicated office space whenever possible. - Maintain a Secure Workstation
Use company-issued devices for all your work so you can take advantage of security controls built-in by your IT and security teams. If you would like to find out what settings to toggle on or off to secure your workflow and data on your company machine, please contact your respective IT and/or security department for advice.
If you follow these best practices while working from home—or wherever you may be—your work and your information (or other people’s information that you might handle) will be at a much lower risk of being compromised.
We hope everyone is staying safe, healthy, and productive.