Working from home increases cyber security risk. The protective controls that are available on the university network are no longer protecting you, so increased diligence is required on your part in order to mitigate the increased risk. The following is a checklist to help you with your cyber security responsibilities as part of the extended cybersecurity team.
Secure your home network
- Use a strong password for your home Wi-Fi network.
- Ensure that your home Internet router has all vendor software patches installed.
- If you rent your router, this may be done automatically by your Internet service provider.
- If you own your own router, you will need to verify this yourself. Refer to your router vendor's website for details.
- Keep all your devices up to date.
- Make sure your wireless router, computer, mobile devices, programs and apps are running the latest version of its software.
- Enable automatic updating where possible. This rule applies to almost any technology connected to a netowrk, including your work devices and your smart TVs, baby monitors, security cameras, home routers, and gaming consoles. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you.
- Consider using free DNS-level protection for your entire home network, such as the CIRA Canadian Shield.
Secure your computer
- Ensure your anti-virus is up to date.
- It is important that you run always-on, full-featured anti-virus from a reputable vendor that scans continuously for malware. Many free anti-virus tools that you can download free from the Internet are run-on-demand, and only scan and protect your computer when you run it manually.
- If your computer is running on Windows 10, it comes with Windows Defender, so you already have anti-virus software installed. You can use the “Windows Security” app to be sure there are no problems.
- Maintain a division between your work and home life:
If you are using an Acadia provided computer |
If you are using your own computer |
Use this computer exclusively for work. |
Avoid blending your work and personal environments (e.g. use separate user accounts for different roles, do not allow anyone else to use your accounts). |
Do not allow family members or others to use the Acadia computer you use for work.
Members of your family can accidentally see work related information (a breach), or accidentally erase, modify information, or infect the device.
|
Ensure your home computer is up-to-date (e.g. operating system, web browsers, software, vendor-recommended updates are applied, etc.)
|
If necessary to access your work environment, use the Virtual Private Network (VPN). This is required to access certain resources, as though you were working on campus. It is recommended that you use the VPN only when necessary (e.g. if you are access a service or application that requires VPN).
Secure your data
- Create a strong password, practicing "Unique Account; Unique Password" and consider a Password Safe to help manage your passwords.
- Use Acadia file storage, such as Teams, Sharepoint or OneDrive via Office 365, for your work documents. This ensures that data will be backed up, and allows access to these documents by co-workers, if required.
- Do not store confidential, personal or Acadia related documents on your hard-drive, a USB stick or a personal cloud storage (Google Drive, Dropbox, iCloud, etc).
- Do not send Acadia University documents via email.
- Confidential or personal data that you use as part of your work should only be kept on Acadia devices, stored in Acadia's Office 365 application.
- Hold onto documents for secure shredding rather than placing in recycling.
Secure your collaborations
- Use Teams to maintain contact with your co-workers.
- Practice safe meeting protocol. See Teams Meeting Security Settings.
- Test your hardware and software to ensure that webcams and microphones function properly. Support for any issues you encounter may be delayed, so it is important to verify that you have the tools needed to work remotely.
- Separate your work and your home email; use a separate email for personal related communications.
Secure your family
Technology alone cannot fully protect you - you are the best defense. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they'll attempt to trick you into giving it to them:
- Be wary of COVID-19 spam that is being distributed via email and social media (e.g. messages with references to legitimate information sites to induce recipients to click on malicious links)
- Do not click on links in suspicious email messages. Avoid clicking on any links in email if possible; browse to known sites by entering the URL yourself into the browser address bar.
- Learn to recognize the Red Flags and suspicious emails.