Cybersecurity of Personal Devices and Working Remote
March 19, 2020
We would like to share a reminder about keeping your personal devices secure, especially as more of us are working remotely and using them to access UCI institutional data and resources. These cyber risk avoidance tips are applicable to both your personal life and work life at UCI. As remote work becomes the norm for now, let’s ensure that we are safe and healthy, both physically and digitally.
Personal Device Security
- Keep your devices patched with the latest security updates, don’t use end-of-life operating systems.
- Be mindful of going to “risky” sites, installing “risky” software, clicking “risky” links, or responding to “risky” emails. Double-check everything and only go to trusted sites, use trusted software, and respond to trusted contacts.
- Run anti-virus/anti-malware software with latest updates if your operating system supports it.
- Enable your operating system’s host-based firewall.
- Don’t login to your device using an “administrator” account, instead use a normal non-privileged user account if your device supports it to limit the impact of potential compromises.
- Don’t store passwords unencrypted on your device (use a secure vault like LastPass instead http://oit.uci.edu/help/lastpass).
- If using a mobile device, enable encryption with strong passwords.
Working Remote Securely
- Don’t copy P3 or P4 data to your personal device, even if temporarily. Use remote sessions to university managed devices instead. (What is P3 or P4 data? Please see https://security.uci.edu/security-plan/plan-classification-protection.html#P3 to learn more).
- Enable session timeout and lock screen with a strong password to keep roommates, spouses, kids from disturbing your work.
- Enable your home Internet router's firewall to block incoming connections from the Internet by default.
- Ensure that your wireless connections are encrypted with a strong password.
- Generate and securely store your Duo Emergency Backup Codes ahead of time, in case your Duo device becomes inaccessible, so that you can still work without needing to contact the OIT Help Desk https://applications.oit.uci.edu/DuoSupportDesk/backupCodes.htm
- Many campus administrative resources require use of the VPN to access from off-campus, however only stay connected to the VPN as needed in order to conserve resources for others.
- Contact the security team if you believe a computer, user account, or data may have been breached https://security.uci.edu/incident.html
We will keep https://security.uci.edu/personal-device-working-remote.html updated with any new guidance.
Please reach out to OIT Security at email@example.com if you have any questions.
Chief Information Security Officer
Office of Information Technology