Please note that the resources below are intended for protecting the privacy of your personal data at home. For guidelines on protecting the security and confidentiality of university information when working at home, please see Top 10 data security considerations when working remotely
The following guidelines are designed to help you protect your home computer, personal information, and privacy. Today’s high-speed and “always connected” (e.g., cable or DSL modem) home workstations are quite vulnerable to Internet attacks. In addition to the value of personal information stored on them, or accessible from them, home computers can provide links into other systems if they’re not properly secured and managed. Consider the following:
Configuring and managing your system
- Keep your software programs and operating system regularly updated. Vendors provide web sites where you can go and download software updates and install them. The older your software is, the more likely security vulnerabilities have been found and exploited by hackers. There are free online scanning services available for you to make use of online Secunia is one of them, install and regularly run the program to make sure all of your programs are updated.
- Install and RUN an anti-virus software program. University faculty/staff and students are covered to install the site-licensed anti-virus software on their home machines. Configure it for regular, virus updates, and make sure it actively scans all incoming objects for malware.
- Make sure your firewall is enabled.
- If you need to enable file and print sharing, allow access only to authorized users. Review these options in the network settings on your computer.
- If your computer is “always-on”, disable file and print sharing and be sure to turn off all network services (programs) that you do not need or intend to use. Familiarize yourself with the services you have configured on your computer.
- Maintain regular backups and consider employing a file encryption program if the information stored on your workstation is highly confidential (e.g., tax files, brokerage or mutual fund accounts/files, bank files, credit card accounts). Other options are to keep sensitive files in a nondescript or hidden location, or on a portable storage device (e.g, CD/DVD, or USB drive).
- Investigate your workstation configuration & disk drives on a regular basis, to look for suspicious files, programs, or drastic changes in free space on disk. Organize your files and directory structure, so you can recognize changes in your files and directories.
- Protect against power surges with a surge protector, and against power loss with a UPS (un-interruptible power supply).
- Secure Your Wireless Network, wireless networks are not as secure as the traditional "wired" networks, but you can minimize the risk on your wireless network by enabling encryption, changing the default password, changing the Service Set Identifier (SSID) name (which is the name of your network) as well as turning off SSID broadcasting and using the MAC filtering feature, which allows you to designate and restrict which computers can connect to your wireless network.
- Dispose of Information Properly before discarding your computer or portable storage devices, you need to be sure that the data contained on the device has been erased or "wiped." Read/writable media (including your hard drive) should be "wiped" using Department of Defense (DOD) compliant software.
Configuring and managing your computer and online habits
- Ensure that you have adequate backups of your files. Copy them to a CD/DVD, or to a USB drive backup, and store them in a secure location. Pay particular attention to making backups of your personal data files and custom configuration files on a regular basis.
- If you are working from home accessing and using Personally Identifiable Information (PII) or any other sensitive data, do so via the University’s (Virtual Private Network) VPN service – UI Anywhere, installed locally on your computer to securely access UI information resources through your computer desktop at work.
- NEVER give your password, account numbers, or other sensitive personal information (name, address, phone), or your Internet Address or machine name, out in an e-mail message, newsgroup posting, or in a chat session. Your information can easily be intercepted, forwarded, or redirected without your knowledge, and you really have no way of knowing who is listening in a chat room or reading newsgroup postings.
- NEVER give away sensitive or private personal information on a web page until you trust the company hosting it. Build trust by reviewing the company’s privacy and security policies on their web site, and by insisting on a secure connection (look for the closed lock or a key in the lower corner of your browser window). Know what their policies are regarding reuse, sharing or selling your personal information.
- Never execute or click on a program (e.g., an ".exe") file if you do not know what it is/does, or if you do not trust the source. This is particularly the case for file attachments that are sent to you via e-mail, or are downloaded from a web site that you do not trust.
- Consider clearing your web browser’s cache storage file after visiting web sites where you entered sensitive information, such as a credit card number, or a bank or brokerage account and password, as this information is often stored in your browser too. (Do you select “remember this password” for ease of use in your browser?) If your machine is broken into, account information in your cache files could be used for fraudulent activity or identity theft.
Online vulnerability scanning option: