Guidelines for Secure Remote Work
- The preferred technology for remote work is a university-managed computer (laptop or workstation). This is especially important for those who work with sensitive information. Remember that you have a responsibility to protect the confidentiality of all data that you use and have access to. The use of a university-managed computer is strongly recommended for interacting with sensitive information and required whenever such information is stored locally. Sensitive information includes Critical and Restricted data types; see the Institutional Data Policy for additional details.
- If you are using a personal computer at home, make sure you have security software such as Antivirus installed, maintain current updates, software updates/patches, locked screen, and do not share the computer with other family members. If you are using a university computer at home, university computers are intended for business and may not be shared with others, including family members. Be sure to notify the ITS Help Desk if you suspect updates to your work computer are not being applied, or the Information Security and Policy Office if you have any other cybersecurity concerns.
- Do not use unsecure, public Wi-Fi (such as in restaurants, coffee shops, etc.) unless you are using a secure VPN or remote desktop session. When using home Wi-Fi, make sure your home Wi-Fi is secured with a strong password (greater than 10 characters, mixed upper and lower case, numeric and symbols) and strong encryption. For the encryption type, use WPA2. There are different types of WPA2, all are fine. Make sure you keep your home wi-fi software up to date, even if you are simply using your home computer to check your university email.
- Be very careful when clicking links—even more careful than when working on campus. Be aware of URLs and website addresses when accessing sites on the internet. Do not visit sites you wouldn’t browse during the normal course of your work. We have specific protection mechanisms in place within the university environment to protect against “known bad” sites—those protections don’t extend to your home network. Use more caution when working from home or when connecting to the university network with a personal computer.
- Do NOT save sensitive information on a personal computer. While it may make it easier to access, it is vulnerable to loss, corruption, cyber-attacks and viruses. Make sure sensitive information is only being stored only on approved storage locations.
- University-managed computers will typically receive updates during off-hours. Be sure to leave your computer on and connected to the internet so that your software can receive these updates.
- Do not use random thumb drives. Loading thumb drives with viruses or other malware is a common problem. If you have a thumb drive but don’t know where it came from, DO NOT use it.
- Protect remote devices against theft. Don’t leave a laptop or cell phone in your car, even if the car is locked the devices should not be accessible. Keep laptops secured at all times.
- Use the PUSH feature when using DUO 2-factor for authentication. Using the telephone call feature costs the university “telephony credits” which the university pays for in a metered fashion. The PUSH costs nothing additional.
- Review messages being sent in email to ensure that you are sending to the correct recipient. Working on a laptop, keyboards might not respond the same way as your desktop keyboard...double-check before sending.
Additional information can be found at:
Acceptable Use of Information Technology Resources: https://opsmanual.uiowa.edu/community-policies/acceptable-use-information-technology-resources
Security Policy: https://itsecurity.uiowa.edu/security-policy
Institutional Data Policy: https://itsecurity.uiowa.edu/institutional-data
Configuring DUO (including DUO push): https://its.uiowa.edu/support/article/106591