Best Practices for Working from Home Securely
Just as our campus network is a target for attackers, so is your home network. Your personal information, accounts, emails, and home systems are valuable to attackers. This document provides tips on securing your home network while working from home, both in general and during COVID-19.
SECURE YOUR HOME NETWORK
- Configure the network settings: Older Wi-Fi settings use weak forms of encryption, such as WEP. Instead, be sure you are using WPA2, which uses advanced encryption to protect your network activity.
- Change the default settings: The administrator account is what allows you, and only you, to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
- Make sure to change the default password
- Change the default name of your wireless network, commonly known as the SSID.
- Choose a name that cannot be tied back to your address or your family name.
- Disable WAN access to the router configuration page
It is highly recommended that you use a campus-issued laptop to access sensitive campus data for best security. You can improve the security of personal devices by following the guidelines below.
- Never leave your devices in the car
- Ensure your devices are running the most current version of the operating system
- Avoid downloading and installing non-campus supported software.
- Enable automatic updates for operating systems and applications
- USE ANTIVIRUS SOFTWARE
- Cloud Storage (Dropbox)
- We recommend Dropbox as a place for you to save your documents. Personal cloud storage accounts or your personal hard drive are not acceptable for university data.
- Save your work frequently to your cloud folders
- Keep work data on a campus-issued laptop or Dropbox
- To access your on-campus computer, use GlobalProtect VPN with Duo MFA. Make sure you are using Microsoft Remote Desktop Protocol (RDP) software on both Windows and Mac machines.
GENERAL SECURITY PRACTICES
IDENTIFY SOCIAL ENGINEERING ATTACKS - Malware and Phishing
First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you by attempting to trick you into clicking on a link or attachment. The most common indicators of a social engineering attack include:
- Urgency: Messages or calls that create a sense of urgency, often through fear, intimidation, a crisis, or an important deadline. Scammers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government, or international organizations.
- Unsolicited Requests: A message or phone call that pressures someone to bypass or ignore security policies and procedures to submit personal or financial information.
- Unusual Wording: A message from a friend or co-worker in which the signature, tone of voice, or wording does not sound like them.
Level 1 Data Users (see Data Classification webpage for more information)
Any user of Level 1 data (e.g., Social Security, driver license, birthdate, etc.) must use a campus-issued laptop. You may not access Level 1 systems from your personal devices. Use of USB storage or other removable devices for storing L1 data is strictly prohibited per CSU Information Security Policies.