Working securely from home
Working from home has become a reality for many people. It is important to be confident that work can be done from home in a secure way. Here are considerations to help you work confidently in the security of your home network.
1. Technology does not solve all security needs. Social Engineering, including Phishing, remains the top way for attackers to compromise accounts and computers. Go to www.odu.edu/cybersecurity and review topics such as Phishing, Personal Privacy, Email Security, Password Security, and guidance on working from home.
2. Most homes have a Wi-Fi access point and an Internet Router. These may be combined into one device. Securing these is key to protecting your home network.
a. Ensure the default administrative password on these devices has been changed.
b. Allow only trusted people to connect to your network by requiring a password.
c. Make the password strong, since your device will remember it.
d. If your Wi-Fi/Internet Router allows for Guest access to a separate network than your home network, enable it with a separate password that you give to your guests.
e. If you are not sure how to do these things, ask your Internet Service Provider (ISP) for support.
3. Use strong passwords on your home devices.
a. Make your password a “passphrase” made up of multiple words.
b. Make passwords different for each internet site.
c. If you cannot remember all of them, consider a password manager (https://www.odu.edu/ts/security/awareness#Passwords )
d. Enable 2-factor authentication wherever possible
4. Ensure you have a current version of Operating Systems on your personal devices and computers with automatic security updates, anti-virus and firewall enabled when applicable (https://www.odu.edu/ts/security/awareness#SecuringYourComputer ).
5. When using a University computer, do not allow family members to use the computer, but reserve it for work-use.
6. If you need to access protected resources, such as Banner or shared files (J: drive), in order to administer FERPA-covered or other regulated data, use the ODU VPN (https://www.odu.edu/ts/software-services/vpn ). If applications on a University desktop are needed, use the VPN and remote desktop technologies (ie. RDP, https://eve.odu.edu).
7. Remember that private FERPA-covered or other regulated University data should not be copied to or stored on personal computers. Refer to the regulated data matrix for guidance on where sensitive data may be stored or administered (https://www.odu.edu/ts/security/regulated-data ).*
(* The Outlook Client stores cached files on the local computer. Box, OneDrive, Teams Files may store cached files on the local computer. These clients are therefore not suitable for use on personal computers when administering FERPA-covered or other regulated data. Outlook Webmail may be used on personal computers. Care should always be taken not to open and risk storing any files or cached copies of files that may contain regulated data on personal computers.)
8. Physical copies containing private or regulated data should not be brought home or printed at home, unless provisions have been made to properly manage the documents and approval has been gained from the Regulated Data Owner.
9. ITS continues to monitor, review and implement updates and recommendations from Zoom as they identify and fix privacy and security concerns to improve and secure Zoom meetings for everyone. The website Securing a Zoom Meeting contains more information on Zoom’s security and ODU’s review and assessment of recent media reports.
More information on Remote Computing can be found at https://www.odu.edu/facultystaff/computing/remote .
J. Douglas Streit, CISSP
CISO & Executive Director
IT Security and Planning
Information Technology Services
Old Dominion University
DUO 2-factor @ ODU: www.odu.edu/two-factor
Posted By: John Streit
Date: Sun Apr 05 20:43:51 EDT 2020