Secure home working - Personal Devices

Levels of cybercrime such as phishing and ransomware have dramatically increased during the coronavirus pandemic.

The issue is exacerbated because many of us who are able to work from home are using personal devices to do so. This presents all manner of security concerns including how we access and transfer sensitive data and device security.

Here are our tips on keeping yourself, your device, and University data safe.

Device security

If you use your own laptop, tablet or smartphone for work, you are responsible for making sure it meets the following minimum protections:

  • Password protection: Biometric protection is good. Passwords are better. See our previous news item for advice on creating a strong password.
  • Encryption: Make sure you know how to use your device’s built-in encryption tools, for example BitLocker on Windows and FileVault on Macs. Or investigate third-party encryption tools. Most newer smartphones have encryption built into their operating systems.
  • Antivirus/Firewall software: Make sure you install it, enable it, and keep it up to date.
  • Software patches: Make sure you apply them and that you enable auto updates.
  • Access: Be aware of others who may have access to your device, including children who could accidentally damage it.

Data Storage, Transfer and Backup

Never use an unencrypted USB drive to copy data off the University network for use on personal devices, or to transfer data between your own devices.

We recommend using the University’s Virtual Private Network (VPN). The VPN provides secure authenticated access your H: Drive or shared Network Drive on personal devices.

Or, provided you are not working on highly sensitive or confidential data, use your University OneDrive for Business (see our guidance for Staff and for Students).

Another option is to use the University’s VDI Service. This gives you access to a virtual desktop, including your shared network drives and Office 365 applications, without the need to transfer data off the University network.

If you must use a USB drive, make sure you encrypt it first using BitLocker to go (Windows) or Disk Utility (Mac). By doing so, if you ever lose your USB drive, the information on it cannot be accessed by unauthorised users.

Working in Public

Although access to public spaces such as cafés and airports is currently limited, there are precautionary measures you should be aware of:

  • Be wary of shoulder surfers and eavesdroppers!
  • Keep devices out of sight when not in use.
  • Never leave your device unattended, even momentarily. When staying in hotels, store your device in a safe where available.
  • Beware of using public WiFi, such as coffee chains or airport networks. Attackers can set up ‘Evil Twin’ networks that imitate popular network names and intercept data in transit. Use a 4G connection where possible and make sure web traffic is encrypted (look for https in the address).

Device Disposal

When it’s time to upgrade, make sure you dispose of your old device securely.

After backing up any files you want to keep, wipe all data from the hard disk. If you are reselling or trading-in your device, be aware that basic system restores/factory resets are not guaranteed to protect data. In many cases, data can be easily recovered using off-the-shelf tools. While you can mitigate this using encryption and by overwriting with junk data, we recommend seeking expert help as the process varies widely by device and OS.

If you’re throwing your device away, we recommend you destroy the hard disk entirely.

Find out more

 

Author: Information Security Team, DDIS