How to Stay Secure

Information Security Safeguards While Working from Home

As a member of the University community, you are entrusted to manage University information responsibility and in accordance with the University's Information Management and Information Technology Policies.

Here are some guidelines to follow for working from home securely:

1. Secure your home router and WiFi

Insecurely configured home routers can lead to eavesdropping and/or attackers gaining remote control of your home computing devices.  Follow key and fundamental security safeguards such as changing the default router password and using Wi-Fi Protected Access 2 (WPA2).

See the following guide for router/wifi security:
Keep up-to-date with patches/fixes/updates (including security, operating system, and antivirus updates).  Enable the computer's personal firewall and hard drive encryption.  Use a strong/secure password that is unique and not shared.

3. Minimize information management risks
Do not save, store, or print University information locally (especially that which is personally identifying).  That is, securely connecting to and using University resources remotely keeps University information on the University system.  Examples of such University resources include UAlberta Google, faculty/department based file-shares, and enterprise systems such as PeopleSoft, EDRMS, SupplyNet and eClass.  Use the University VPN where appropriate and necessary to securely connect to the University network.

If you absolutely need to save, store, or print University information at home in order to do your job, obtain approval from your Director/Chair beforehand, and agree on security safeguards around version control, information sharing/exchange, encryption, and retention/archive/disposal, among others.

The advent of mobile phones, laptops, and cloud computing means our data is easier than ever to access. However, it also means our data is easier than ever to compromise. You can't predict if your devices will ever be lost or stolen, so be as proactive as possible by following these tips.

1.) Carry as little information as possible

They can't steal it if it's not stored on your mobile device. So before storing sensitive information on your mobile device (laptop, cell phone, USB flash drive), ask yourself if it is absolutely necessary to do so. Play it safe by storing sensitive information off your devices altogether. A much better option is to store that information on a secure remote platform like UAlberta Google Drive or your Faculty/Department-based network file-share.

If you do absolutely need to store sensitive information on your mobile device(s), then ensure appropriate and adequate mobile security is in place, as outlined below.

2.) Password protect everything

Give every device a secure password, no matter what. A secure password does not consist of your dog's name plus the year you were born - choose a password that is at least eight to ten characters long and consists of a mix of numbers, special characters, and upper and lowercase letters. Configure your device to ask for that password after you power on and after a screensaver timeout. Do not use the same password for multiple accounts, and never disclose your password to anyone.

Find tips on selecting a secure password here.

3.) Encrypt your devices

Hard drives can be stolen and passwords can be cracked, so take your security a step further by encrypting your devices. Encryption is a process that turns the information stored on your device into unintelligible text characters that cannot be deciphered without the decryption key. If someone steals your device, encryption ensures that they cannot read what's on it. More information on how to encrypt your device.

4.) Never leave devices unattended

No matter how short the window of time, never leave your devices unattended. You may just be dashing up to the coffee shop counter for a quick refill, but to a potential thief, this is the perfect opportunity to steal your device and all the information on it.

Lock your mobile devices when not in use, and never leave your devices unattended in your vehicle. Carry your laptop in a plain, lockable case that does not have the logos of either the manufacturer or the University. As an added precaution, consider equipping your mobile device with an audible alarm or using asset tags (which are required for University computing devices).

5.) Ensure you have the latest software

The latest software comes with the latest security. Updating your software for known vulnerabilities is known as patching, and an unpatched device is much more susceptible to attack than a patched one. Make it easy on yourself and enable automatic updates on your device whenever possible.

To be even more secure, install and enable anti-virus, malware, and spyware software and run frequent scans. Never download free software or apps unless you are 100% certain the product is safe and contains no adware, spyware, or viruses. Finally, consider using a personal firewall to deflect the most dangerous Internet attacks.

6.) Practice safe surfing

If you have to deal with sensitive information online, then make sure the site you're on is secure - that means it begins with https, not http. The extra s at the end means that any data sent over that connection is encrypted and cannot be read by hackers.

If you absolutely have to send sensitive information over an unsecure (http) connection, then connect to a virtual private network (VPN) first. A VPN will securely connect you to another network over the Internet so you can keep your browsing activity private and safe. Learn how to connect to the University VPN here.

7.) Use extreme caution when using shared networks, computers, and charger kiosks

When it comes to mobile device security, sharing is not caring. Using public and unsecured WiFi to access sensitive information can put you at risk. Hackers can compromise your Internet traffic, monitor your activity, and steal your personal information. If you do need to use unsecured WiFi, then connect to a VPN first so you can securely connect and transmit data sent over that connection.

Shared computers are prime targets for keylogging and other malicious activities. If you must use one, keep your use short and light. Do not share files or sensitive information, do not log into your personal or University accounts, and do not visit unsecured (http) sites.

Finally, avoid plugging your devices into shared charger kiosks. As harmless as it may seem, there could be a hacker on the other side of that wire. The mobile device's power cord is also used to transmit data to and from your device. If the kiosk port is compromised, then so your your device and data.

Learn more in our Travel Tips section.

8.) Enable remote wipe

Even the most vigilant users can suffer a loss or theft, so be prepared and enable remote wipe on your devices. This ensures that if you do lose your mobile device, you can clear it of sensitive information before it falls into the wrong hands.

9.) Mobile device loss

If, despite all your precautions, a mobile device is stolen or lost, report it immediately. The following stakeholders need to be immediately notified:

  • your supervisor/manager
  • the IT administrator providing support for your mobile device
    • if enrolled in the University Mobile Device Service, then contact the IT Service Desk via the Staff Service Centre
  • the university's Information and Privacy Office (foipp@ualberta.ca) and/or the Chief Information Security Officer (ciso@ualberta.ca)

 

Want more details? Get them from the Mobile Device Security Best Practices document, straight from the Office of the Chief Information Security Officer.