Data Security While Working Remotely

Cybercriminals are working overtime trying to exploit the Coronavirus and ‘work-from-home’ situations.  As many College staff begin moving towards a temporary  ‘work from home’ model, it is important to keep our existing information security practices in mind and to adopt extra security measures.  As you receive instruction and remote access to the College network, please pay attention to the following best practices.  ITS has provided instructions for connecting to our terminal servers or your office workstation from home.  If you utilize these services, pay special attention to the following:

 

Keep College data ‘on College technology’:  

  • Do not screenshot items and save them to your home computer.
  • Do not save confidential information from email, email attachments, N:\ drive, or other sources to your personal technology (home computers, laptops, cell. phones, UBS drives, etc.).
  • If you checked out a laptop, treat this as you would personal technology; laptops are a high-theft target.  Any confidential College data stored on a stolen laptop would be considered a data breach by the State of Oregon and the Department of Education.
  • Remote desktop allows you to access ‘My Documents’, N:\ drive, and other College data just as if you were in the office.  Save documents back to these locations as you normally would.

 

Antivirus Software:

  • If not already installed, install an Antivirus (A/V) program and scan your computer at home, (yes, this includes Macs also.).  This will help to ensure the protection of college data.
  • Some free A/V options include:  Sophos Free, Webroot Paid, and Bitdefender Paid.
  • In addition to the above A/V, MalwareBytes free is an excellent second level of defense (you can install and use both MalwareBytes and one of the free A/V options listed above.)
  • Never disable A/V, in fact many malware infections start with a user disabling their A/V per request of the malware.

 

Secure Your Home Computer:

  • Install recommended Windows and iOS updates and security patches and reboot as required.  Updates are usually enabled by default, however it’s a good idea to double-check that you’re up to date.  Google will make this verification easy, or feel free to email Laura Boehme for more information.
    • Verify Windows Updates - link to verify the most current Windows security updates are applied.
    • Verify Mac Updates - link to verify the most current Mac OS security updates are applied.
  • Laptops (personal or College) are high-value targets for theft.  As stated above, ensure these are locked up at home safely and do not store any College information on them (even if they belong to the College.)
  • Verify that your home computers and laptops auto-lock, and require a password to unlock.
  • If you share your computers with family members, log out of all College connections before allowing others to use the technology.  Also, kids are great at finding computer viruses – see above regarding A/V.

 

Cloud Storage:

  • As always, do not store College confidential information on cloud storage services such as DropBox or Google Drive.  The security risks and liability to the college are similar to storing College data on personal technology.

 

COCC Email on Phones:

  • If your phone is setup to connect to COCC’s email services then that device must be secured as well.
  • Phones should require a passcode, swipe pattern, fingerprint, or face ID to unlock.
  • Phones must be set to auto-lock after 3-5 minutes of inactivity.
  • Enable any ‘find my phone’ type services available from your cell carrier or phone manufacturer, and verify that you can locate your phone remotely.
    • These services also allow the ability to wipe the phone remotely in case of loss.
  • Failure to follow these steps could result in our College reporting a data breach to the State of Oregon and the Dept. of Higher Ed.

 

InfoSec Support:

The InfoSec office will provide guidance via standard operating procedures:

  • Forward questionable emails (phishing, spam,) to abuse@cocc.edu.  If you have questions about the email, let us know – better safe than sorry.
  • The InfoSec office will continue to offer support via phone and email during traditional office hours:
  • ITS HelpDesk tickets – for any and all ITS support needs.

 

Increased cybercrime activity:

Hackers continuously monitor our web site and try to exploit new events.

  • Expect increased phishing emails purporting to be from College leadership (President Chesley, Deans, etc.) – report to abuse@cocc.edu as normal.
  • Expect increased phishing emails as well as malware on the internet relating to COVID-19.  There have already been reports of malware infections under the veil of Coronavirus trackers, etc.

 

Dangers of working from home:

  • Working from home technology means you are outside of the College firewall and other defensive technologies.  Use extra caution.
  • Working outside of our normal environment and routine increases our chance of human error.  Remember to be extra vigilant and watch out for phishing emails, email attachments, malware, etc.
  • In a nutshell:  Question everything, trust your gut, and reach out to ITS and myself.  Our goal is to protect and support you through these unnerving times.