Top 10 data security considerations when working remotely
- The following points are to help you make sure confidential data is protected when you are working from a remote location, such as home. Remember that you have a responsibility to protect the confidentiality of all data that you use and have access to. This applies to all types of confidential data, including (but not limited to) HIPAA, FERPA, ITAR, etc. Especially when working remotely during a campus emergency, it is critically important that confidentiality and security of data be maintained.
- If you are using a personal computer at home, make sure you have security software such as AntiVirus installed, maintain current operating system updates, software updates/patches, lock your screen when unattended, and do not share the computer with other family members. If you are using a work-provided computer at home—work computers are intended for business and may not be shared with others, including family members. Be sure to notify the ITS Help Desk if you suspect updates to your work computer are not getting applied, or the Information Security and Policy Office if you have any other cybersecurity concerns.
- Do not use unsecured, public wifi (such as in restaurants, coffee shops, etc) unless you are using a secure VPN or remote desktop session. When using home wifi, make sure your home wifi is secured with a strong password (greater than 10 characters, mixed upper and lower case, numeric and symbols) and strong encryption. For the encryption type, use WPA2. There are different types of WPA2, all are fine. Make sure you keep your home wifi software up to date, even if you are simply using your home computer to check your university email.
- Be very careful when clicking links—even more careful than when working on campus. Be aware of URLs and website addresses when accessing sites on the internet. Do not visit sites you wouldn’t browse during the normal course of your work. We have specific protection mechanisms in place within the university environment to protect against “known bad” sites—some of those protections don’t extend to your home network. Use more caution when working from home or when connecting to the university network with a personal computer. For maximum protection, use an adblocker such as uBlock Origin.
- Do NOT save sensitive data on your personal device. While it may make it easier to access, it is vulnerable to loss, corruption, cyber-attacks and viruses. Make sure sensitive data is only being stored in approved storage locations.
- When you are not using your computer, disconnect it from the network and/or shut it down. This prevents attacks and data loss, as well as unauthorized access by people who may share your space when working from home.
- Do not use random thumb drives. Loading thumb drives with viruses or other malware is a common problem. If you have a thumb drive but don’t know where it came from, DO NOT use it.
- Protect remote devices against theft. Don’t leave a laptop or cell phone in your car; even if the car is locked, the devices should not be accessible. Keep laptops secured at all times.
- Use the PUSH feature when using DUO 2-factor for authentication. Using the telephone call feature costs the university “telephony credits” which the university pays for in a metered fashion. The PUSH costs nothing additional.
- Review messages being sent in email to ensure that you are sending to the correct recipient. Working on a laptop, keyboards might not respond the same way as your desktop keyboard; double-check the recipient before sending. Remember that confidential data should only be shared with other authorized users, and that many types of confidential data may not be shared via insecure mechanisms such as email.
Additional information can be found at:
Acceptable Use of Information Technology Resources: https://opsmanual.uiowa.edu/community-policies/acceptable-use-information-technology-resources
Security Policy: https://itsecurity.uiowa.edu/security-policy
Institutional Data Policy: https://itsecurity.uiowa.edu/institutional-data
Configuring DUO (including DUO push): https://its.uiowa.edu/support/article/106591