Ensuring that institutional data and cyber infrastructure are secure is a shared responsibility for all staff at IU.
Observing best practices and keeping safeguards in place is as important when working from home as when working from the office.
Working remotely requires employees to exercise greater vigilance in ensuring that necessary security measures are taken in home environments, since these lie beyond the purview of IT staff.
Ensure that software updates are running on all your devices, including PCs, smartphones and tablets.
Software updates for laptops and desktops that are issued by our IT support staff are centrally managed. To avoid centrally enforced update pushes, you can apply updates in your own time; instructions for departmentally issued Macs are located here: https://uisapp2.iu.edu/confluence-prd/display/VPUE/Install+applications+and+updates+on+a+Mac.
Verify that virus and threat protection software is activated and running on your device. Windows Security (formerly Windows Defender) comes integrated with the Windows OS, and departmentally issued macOS devices come with ESET Internet Security installed. For personally owned computers, Sophos Home (https://home.sophos.com/en-us.aspx) is a recommended internet security solution that is available for free.
Hardware encryption should be enabled on all mobile devices (laptops, smartphones, tablets, etc.) that access institutional data. Devices should also employ a PIN, screen lock pattern, or passcode/passphrase for access. These safeguards are required irrespective of whether devices are university owned or personally owned.
- To verify that your laptop has whole-disk encryption enabled, follow these instructions: https://kb.iu.edu/d/bavx.
- To secure your iOS device, follow these instructions: https://kb.iu.edu/d/ayem.
- Instructions on securing Android OS devices are located here: https://kb.iu.edu/d/azld.
Limit access to devices that you primarily use for work. Friends and family should not be allowed to use these devices for casual purposes. Installing software on the devices from questionable sources, or visiting dubious websites, should be avoided.
Protect devices from theft or physical damage. This requires taking common-sense measures to ensure that your devices are not left where they can go missing, be dropped, or be doused in your favorite beverage.
Keep sensitive institutional data on IU data infrastructure, unless university business purposes dictate otherwise. When working with institutional data that is classified as ‘University-Internal’, ‘Restricted’, or ‘Critical’, use your IUanyWare Desktop or terminal services (e.g. Remote Desktop) to your work computer in the office. Do not work with sensitive institutional data directly on your personal home computer. Use the IU Data Classification Matrix when in doubt about how data is classified.
Use approved platforms for sharing and storing classified data. The Data Sharing and Handling (DSH) tool provides guidance on what platforms and tools are acceptable for sharing and storing institutional data of different classifications: https://datamanagement.iu.edu/tools/data-storage-and-handling.php
Access institutional data for university business purposes only. Institutional data should only be accessed and used for valid institutional purposes. Remove downloaded copies of data from your workstation when they are no longer needed for business purposes. Use approved storage locations for data that needs to be kept for future reference.
Protect institutional data from unauthorized access. Ensure that institutional data is not accessed or viewed by unauthorized family and friends in the home. This includes printouts with institutional data on them.
Use a Virtual Private Network (VPN) connection when accessing institutional accounts. When on a public network, always use a VPN connection to access institutional accounts. An alternative is to connect to your IUanyWare desktop and access the institutional accounts from the virtual desktop environment. Avoid connecting to Wi-Fi networks that are unfamiliar to you. Instead, use your smartphone as a Wi-Fi hotspot.
Separate your home-office Wi-Fi from your home’s general Wi-Fi network. Configure your wireless router to include a separate network name (SSID) for your home office. Reserve access to the home-office Wi-Fi for your work devices.
Disable broadcast of your Wi-Fi Network Name (SSID). Your home Wi-Fi network does not need to be broadcast for it to work. Disabling broadcast of your Wi-Fi name protects your network from wardriving attacks (searches for Wi-Fi networks to compromise, launched by attackers driving through your neighborhood), and from curious kids in the locale and other less innocent actors. Connecting devices to an SSID that is not broadcasting will require manual setup the first time a device connects to the network, but the devices can connect to the network automatically after the first connection.
Change the factory-set default administrator router console password and Wi-Fi passwords. Set strong custom passwords for your Wi-Fi networks and for your router’s administrator access code. Access to your router’s configuration settings and network can allow malicious actors to redirect network traffic through illegitimate sites where communications may be read, or data stolen, before forwarding the traffic to the originally intended sites.
Configure your router to use WPA2 wireless security protocol. Set your router to use WPA2 wireless security protocol for authentication. Turning authentication off, or using older authentication types like WEP or WPA, is not considered secure.
Disable the ability to remotely administer your router. Access to make changes to your router should be limited to devices on your local network.
Update your router software to the most current version. If the system software on your router can be managed locally, update it to the latest software. Your internet service provider may reserve access to updating router/gateway system software.
Other Cybersecurity Tips for Working from Home
Beware of phishing attempts and clicking on links and attachments from unsolicited email. Bad actors are using scams centered on the coronavirus situation to extract personal and financial information from people. Pay attention to where URLs in emails link and do not respond to solicitations for personal information in email. Follow the guidelines provided in IU’s Phishing Education & Training: https://phishing.iu.edu/
Enable multi-factor authentication. Use multi-factor authentication (MFA) where available. MFA is increasingly available on banking websites, public email services and social media platforms.
Limit information posted on social media. Exercise good judgement on postings on social media. Avoid divulging information like your address, phone numbers, upcoming vacation plans, or where you regularly spend time. Such information can be used by nefarious actors to compromise your security. Wait until you get back home before posting vacation pictures.
Avoid auto-connecting to networks when traveling. Turn off Bluetooth and Wi-Fi when they are not in use. Avoid using public unsecured networks. Use a VPN connection if use of a public network is necessary. Alternatively, use your phone as a Wi-Fi hotspot for internet connectivity.
Have questions? Please don’t hesitate to request help from the knowledgeable IT team.