Tips for Securely Working From Home

Just as our university is a target, so too are you at home. Your personal information, accounts, emails, and even your systems at home are valuable to cyber attackers. The university network block protections are not effective on non-campus networks. Not only can remote workers have their own privacy put at risk, working from home could result in breaching company security as well. This is why it is essential that when working from home, you follow the security procedures in the Guides for Remote Learning and Work. Read on for some additional steps you can take to create a more cyber secure home environment.

IDENTIFY SOCIAL ENGINEERING ATTACKS

First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you by attempting to trick you into clicking on a link or attachment. The most common indicators of a social engineering attack include:

• Urgency: Messages or calls that create a sense of urgency, often through fear, intimidation, a crisis, or an important deadline. Scammers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government, or international organizations.
• Unsolicited Requests:A message or phone call that pressures someone to bypass or ignore security policies and procedures to submit personal or financial information. 
• Unusual Wording: A message from a friend or co-worker in which the signature, tone of voice, or wording does not sound like them.

SECURE YOUR HOME NETWORK

Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. Use following steps to secure it: 

• Configure the network settings: Older Wi-Fi settings use weak forms of encryption, such as WEP. Instead, be sure you are using WPA2, which uses advanced encryption to protect your network activity.
• Change the default settings: The administrator account is what allows only you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided. Next, change the default name of your wireless network, commonly known as the SSID. Choose a name that cannot be tied back to your address or your family name.

Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.

USE STRONG PASSWORDS

When a site asks you to create a password: create a strong password, the more characters it has, the stronger it is. It is important that all of your Internet connected devices have a strong account password.

• Use a passphrase: One of the simplest ways to ensure that you have a strong password is to use a passphrase. A passphrase is nothing more than a password made up of multiple words, such as “junkyard bees wanted bourbon.” You can add numbers and symbols throughout to make it more secure.
• Make it unique: Using a unique passphrase means using a different one for each account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe.
• Try a password manager: Can’t remember all those passphrases? Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format. Password managers have lots of other great features, too!
• Enable two-factor authentication for each account: Two-factor authentication uses your password and adds a second step, such as a code sent to your smartphone or an app that generates a one-time code.

UPDATE SOFTWARE

Make sure each of your computers, mobile devices, programs, and apps are running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use in order to hack into the devices and steal personal information. By ensuring your computers and mobile devices install updates promptly, you make it harder for the devices to become compromised.

• Enable automatic updates: To stay current, simply enable automatic updates whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles, and even your car.

PROTECT YOUR NETWORK ACTIVITY

Surfing the web or making transactions on an unsecured network, such as public Wi-Fi, means you could be exposing private information to an eavesdropping cybercriminal. One way to protect online privacy is to use a Virtual Private Network (VPN). A VPN will provide an additional layer of security by encrypting data in transit.

Install Cisco AnyConnect VPN to connect to restricted Carnegie Mellon resources like Phone Manager, Windows file shares and library resources while off campus.

Administrative Departments: Refer to your IT Administrator for more information on functional VPN connections.

USE ANTIVIRUS SOFTWARE

A good antivirus software can act as a line of defense by detecting and blocking known malware. Even if malware does manage to find its way onto your device, an antivirus may be able to detect and in some cases remove it.

University-Owned Computer

• Mac- ESET
• Windows- Windows Defender

Personal Computer

• Mac OS- Sophos
• Windows- Windows Defender

BACKUP DATA

Data can be lost in a number of ways, including human error or a cyberattack. Ransomware and other types of malware can wipe entire systems. Be sure you are performing regular backups of your information and valuable data through the use external hard drives or one of CMU’s File Storage Options.

• If you are perfoming work for the university, store university data in an approved CMU storage option such as Google Drive or Box.
• Personal cloud storage accounts or your personal hard drive are not acceptable for university data.

PERSONAL COMPUTER 

Personal Computer Note: Avoid using a shared personal computer for university business. If this is your only option

• Save files in an approved CMU storage option.
• Use Citrix Workspace when possible.
• Use VPN disconnecting when not working on CMU business.
• Do not save your Andrew account password to the computer.
• Create a separate account and password fo reach individual using the computer.

MOBILE DEVICE SECURITY

Mobile devices, including Smart Phones, are portable computers that should be secured the same as any computing device. Adhere to these practices:

• Lock your phone with a PIN or password.
• Avoid storing sensitive data on your phone.
• Use caution when connecting to public wireless networks; instead connect to secure wireless networks when available (e.g., CMU-SECURE).
• Update your mobile device apps frequently.
• Disable Bluetooth and WiFi when not in use.
• Adhere to the ISO Mobile Device Security and Usage Guideline.

For any other questions or concerns regarding working from home please refer to the Guides for Remote Learning and Work.