Creating a cybersecure workspace — at home - Information Security Office

Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of.

When you work at home, many of the information security controls and procedures that the University of Utah has put in place to protect you aren't available. However, you can take some simple steps to secure your home and reduce the risk of an attack succeeding.

Here are five ways to be cyber smart while working at home.

	If possible, use only your university-issued device for work. These devices are managed and have additional security controls in place to better protect you and your data. Do not let friends or family use university-owned devices. They are for your use only, in accordance with the university’s Acceptable Use Rule (4-004A). If you use a personal device to conduct business for the university, then you are responsible for ensuring that the device complies with Policy 4-004: University of Utah Information Security Policy.
	Stay on a private, secure Wi-Fi network. Do not use public computers for work, and avoid using public Wi-Fi. If public Wi-Fi is your only option, use a virtual private network (VPN) to create a private encrypted connection between your computer and the university's network. If you access restricted data as defined in the university’s Data Classification and Encryption Rule (4-004C), then using a VPN is required.
	Do not store sensitive or restricted data on your personal devices. Use university-approved storage solutions, such as Box. If restricted data is stored on a device, the device must be encrypted as defined in the university's Data Classification and Encryption Rule (4-004C).
	Stay vigilant for phishing attacks. Be suspicious of unsolicited phone calls, visits, or email messages from people asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify that person’s identity directly with the company. Do not provide personal information or information about your organization. Do not reveal personal or financial information in email, and do not respond to email solicitations for information, including following links sent in email. If you are suspicious of an email, don’t hesitate to forward it to phish@utah.edu.
	Do not leave personal or university-issued devices in unsecured areas. Lock your screen when stepping away from your computer, lock your doors, and do not leave your devices in your car.

For more information about securely working from home as a University of Utah employee, please review the Telecommuting: Best Practices guide.

Creating a cybersecure home

The SANS Institute video below describes the steps that can be used at home to protect personal and work devices, Wi-Fi networks, and online accounts. It also covers the importance of information backups, such as cloud services or external hard drives, in the event of an attack, theft, or loss of a device. Secure behaviors at work often start at home, and are even more important when working from home.

We also recommend reviewing the Top 5 Steps to Securely Work from Home tip sheet from SANS.