Remote Work Security

Sans Security Awareness
Top 5 Steps to Securely Work from Home
View Guide

COVID-19 Security Resource Library
To help individuals and organizations find resources they can use and share, NCSA has launched the COVID-19 Security Resource Library.
View Resources

Protecting Yourself and the University’s Assets While Working Remotely

Introduction: Ultimately the best protection of the University’s information, students Information and your information is exercising a little caution while working from home. Here are a few helpful tips to keep you well acquainted with what to do while accessing University data remotely. Adhering to these recommendations can enhance your work-from-home computing experience so that it provides the necessary level of security of University data as well as keeping your systems safe and secure. When in doubt, contact the Technology Help Desk at (269) 387-5347 or email helpdesk@wmich.edu if you have any questions. Other security awareness information is available at https://wmich.edu/security/securityawareness

Most importantly, under no circumstances should a WMU employee ask you for your password for your accounts.

1. Watch out for tricks and scams

During this time many emails are flying around as we’re all settling into our new routines and some of them are emails designed to trick you into giving up your username and password. If you are unsure, you need to ask someone you know and trust. Here are some other things to look for:

If you get a link to a website or service for you to log in to, it should be something you are expecting; such as a link to the software your students need, or where to get access to the new VPN service, etc.  If not contact the person or department directly that the message supposedly originated from.

  • Check to confirm that the message came from someone at WMU by looking carefully at where the message came from.  Feel free to CALL the person you got the message from to confirm. 
  • Always confirm with a supervisor or your IT personnel if you feel uncomfortable with something you're being asked to do.  Never assume.
  • You can always contact the Technology Help Desk if you receive something you are unsure of and the staff will be glad to walk you through your questions.

2. Protect yourself and PRivacy

Now that you are working at home there are a few things you can do to protect yourself and your privacy from nosy neighbors and unwanted intruders via the Internet. Your home router is a key player in protecting you, so we are going to focus on that next. Please consult the routers manual or the manufacturer of your particular router for information on how to perform these steps. You may also contact your internet service provider (Spectrum, Comcast, etc.) if you are renting your router as a part of your internet services.

  • Always make sure to change the default password from what came with the router out of the box.  Default credentials are easy to find on the Internet and open your home network to intruders by allowing them in with ease. 
  • In addition, make sure your home WiFi has a good password on it and not one that came with it.  Using open or unsecured WiFi connections leave you vulnerable to people watching what you are doing on the Internet, like shows you're searching for, the medical information you're looking up, your taxes, usernames or passwords and banking information.
  • Many home routers allow for a “guest WiFi network” – enable this if it's available as it isolates devices connected to it and only allows them access to the internet and not other devices or computers at your home.  It is a great way to give visitors access without having to give out your password and access to your entire network. 

3. Create Strong Passwords

For all accounts and all services, create unique and strong passwords.  Reusing the same password for multiple sites means that one compromised account can suddenly become multiple and you find yourself and your private information at risk of compromise.

  • The longer the password, the better.  Ideally, they would be 12 or more characters using either upper- and lower-case letters, numbers and symbols.  But also consider using a very long-phrase, like a line out of your favorite song, book, or poem.  It’s the easiest way to remember very long passwords and not creating too much of a burden.
  • Tired of trying to remember all the accounts and passwords you use? Try a password manager.  These services are great for creating a central repository for remembering and entering this information and assisting you with creating new passwords as well if you are struggling to come up with a new one. The following is a great selection from PC Magazine. https://www.pcmag.com/picks/the-best-password-managers
  • Wherever possible, whether the bank, Amazon, or at work, enable two-factor authentication so even if your password is compromised no one can get into your account but you. If you haven’t done so already, consider enabling two-factor authentication for access to WMU resources. See - https://wmich.edu/it/2fa for more information.

4. Updates and Patches

They sound tedious but often they are an easy way to not only protect yourself but enhance your computing experience. People create software and computers and sometimes what they release not perfect.  Consider keeping software properly updated to make sure you are as safe as possible and having the best experience.

Microsoft Windows 10—How to Enable Automatic Updates

https://support.microsoft.com/en-us/help/4027636/windows-10-get-updates-with-active-hours-in-windows-10

Apple Mac OS—How to Enable Automatic Updates

https://support.apple.com/en-us/HT201541

iOS—How to Enable Automatic Updates

https://support.apple.com/en-us/HT204204

iOS—Enable Automatic Updates for Applications

https://support.apple.com/en-us/HT202180

5. Do not let family members use your work devices

While it may be tempting to let your children watch YouTube videos or check their email on your computer, or even a spouse or guest, keep your work and home life separate.  A family member or guest could inadvertently erase saved websites, documents, or other important information from your computer that you need for work. Worst yet they could accidentally expose your work information or the university to a virus through an email or website. Best to let them use a device you personally own if need be.

6. Protect University Data

Protecting University data is of the utmost importance while working remotely. If you have access to sensitive data, you should NOT be downloading the data to your home personal devices. Consult your IT personnel for your department to learn how to access the University’s secure file services (known as “P” or “H” drives). The means to access this data can be achieved by taking advantage of the University’s VPN (virtual private network). You can find out more information about VPN services at this site - https://wmich.edu/helpdesk/govpn