Telecommuting: Information security best practices
Compared to working on campus, telecommuting can present different information security risks, especially when it comes to network security, data storage, and physical security. By following these best practices, you can help protect yourself and the university from cyberthreats.
- Stay on a private, secured Wi-Fi network. Avoid using public Wi-Fi, and do not use public computers for work. Play the "Creating a Cyber Secure Home" video by SANS Institute (above) or read the SANS OUCH! newsletter for more tips on making your home more cybersecure.
- Use a virtual private network (VPN) to create a private encrypted connection over the internet. Connect to the University of Utah’s VPN if you access sensitive or restricted data as defined in the university’s Data Classification and Encryption Rule (4-004C). Before you connect, please review this Knowledge Base article about the campus VPN, which is a limited resource and should be used appropriately.
- Do not store sensitive or restricted data on personal devices. Please use university-approved storage solutions, such as Box. If restricted data is stored on any IT resource or device (e.g., laptops, desktops, phones, USBs, etc.), the device must be encrypted as defined in the university's Data Classification and Encryption Rule (4-004C).
- Do not let friends and family use university-owned devices. A work-issued device is for your use only.
- Do not plug in unknown USB drives. They can contain malware and be used as an attack vector, giving criminals full access to your devices. Visit this CISA tips page to learn more about the security risks of thumb drives.
- Do not leave university-issued devices in an unsecured place. Follow the same physical security habits that you would in a work setting: lock your screen when away from your computer, lock your doors, and do not leave your devices in the car.
- Stay vigilant about COVID-19 cyberscams. Follow the precautions provided by CISA, and report phishing emails to phish@utah.edu.
- Report cybersecurity incidents as quickly as possible to the Information Security Office by calling 801-587-1925 or emailing security@utah.edu. Visit this Knowledge Base article for more information about reporting a security incident.
- Contact your central help desk if your device has been compromised: UIT Help Desk (801-581-4000) or ITS Service Desk (801-587-6000).
- File a police report if your device is lost or stolen, then contact the UIT Help Desk or ITS Service Desk. Loss, theft, or destruction of university or government property must be reported within 24 hours of discovery.
- Take our online security training course or check out our website for additional ways to strengthen your online safety and security.
Resources
IT Knowledge Base
The IT Knowledge Base contains more than 20 help articles about information security.
U Information Security Policy
The U's Information Security Policy (4-004) and its corresponding rules provide guidance on network acceptable use, data classification and encryption, remote access, and more.
IT resources roundup
This page features more than a dozen UIT, ISO, government, and nonprofit resources to help you stay up to date on recent cybersecurity news and secure your data and devices.