Computer Equipment
- In order to perform their work effectively, employees may use university equipment (computers, laptops, keyboards, monitors, etc.) at their remote location, with the approval of their supervisor. All such items remain the property of the university and will be returned to the university once working remotely has ended.
- All devices, whether personally or university owned, must meet minimum security standards when connecting to a university network or accessing institutional information. See Steps for Staying Secure.
- Best: University owned and managed by central or divisional support services
- Better: University owned with BigFix installed
- Okay: Personal computer with supported and patched operating system and anti-malware installed.
You may not download or store locally Personally Identifiable Information (PII), health information, or other P4 information to any device.
Remember that you need to protect university equipment as well as university data. Learn how to store and protect data properly on devices and in Google G-Suite. See also Google Apps Services Allowable Data Use
Using Personal Computing Devices
You may use your personal computing device to conduct University business so long as the device meets minimum security standards and any data you access remains in Google G-Suite, this is the campus approved and supported cloud service provider. You may not download any university data to your personal device.
Please note: personally-owned computers used by multiple people in the household are unlikely to meet minimum security standards. Risks to consider with home systems include:
- Multiple users with administrator access allows for downloading and spreading of malware
- Insecure configurations leaving the systems vulnerable to attacks
- Home use software installed that are not supported and may not be patched for vulnerabilities
- Institutional information downloaded or cached to the machine may be exposed to other family members
Therefore, we highly recommend that you use university-owned, and managed, equipment when working from home. If you must use a personal computer, avoid using a computer shared by others in the household.
If you do not have a work computer to use at home and need to access highly sensitive (P4) data, or are a Systems Administrator for P4 data, please contact ispolicy@ucsc.edu
Secure Your Home Wireless Network
- The most effective steps you can take to secure your wireless network at home is to change the default admin password, enable WPA2 encryption and use a strong password for your wireless network.
- Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car. Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system.
- If you are using an unsecured network (public wifi) you should be connected to the campus Virtual Private Network (VPN)
Social Engineering/Phishing/Scams
Defending Against COVID-19 Cyber Scams
Scams and phishing emails are targeting people's growing fears of the coronavirus in order to steal their usernames, passwords, credit cards and other sensitive information. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
One of the greatest risks you will face, especially in this time of both dramatic change and an environment of urgency, is social engineering attacks.
Security protections that would normally be in place on the campus network or VPN are not available when you are on a home network. This means we are relying on human behavior, rather than technical controls, to avoid phishing attacks.
Remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.
Take the following precautions:
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Use trusted sources such as legitimate, government websites for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Proofpoint COVID-19 Attack Spotlight Video (2:27)
- SANS Phishing video (3:54)
Physical Security
Lock Your Doors and Never Leave Your Devices in the Car
- Never leave your device unattended, always lock your doors, and never leave your device in a vehicle - not even in the trunk.
- Securely store laptop and other mobile devices when you step away, even at home. Incidents happen, and it’s good practice to lock up your devices when you are not using them. Options include a security cable or locked cabinet/drawer/closet.
- Configure your desktop to automatically lock after 15 minutes of inactivity and set your phone to lock the screen after no more than 15 minutes of inactivity. Shorter is even better. Manually lock the screen when you walk away from the computer.
Family/Guests
- Use a private and secure space to work, avoid others overhearing or seeing confidential information.
- Sharing a computer is one of the most common mistakes you often commit, it’s tempting to share company-issued laptops to close friends and family members for online use.
- Make sure family/guests do not have access to work-related devices and materials. They can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.
- Securely store your laptop and paper documents when not in use so they are not accessible by anyone else.
Resources
Need Help?
Call: (831) 459-HELP (9-4357)
Email: help@ucsc.edu
