Protecting Yourself While Working Remotely

This week is all about protecting ourselves while we are working remotely; whether you have a position that is approved for telecommuting or travel frequently for the university. The ability to work from anywhere has revolutionized how we support our students and has given us the flexibility that many of us enjoy. However, that flexibility also brings with it unique cybersecurity challenges. 

Below are some tips to protect yourself, your family, and UAH while you work away from the main campus.

Keep Your Device Secure

Whether you are using a tablet, laptop, or other mobile device, the university is only as secure as the devices that connect to it. It is crucial that you keep your device as secure as possible. It is best practice that you:

  1. Keep your operating system and applications on the latest supported versions. Your system should be configured to automatically update when new versions are released. If you are unsure if this is the case, contact your UAH support personnel.
  2. Do not allow non-UAH personnel (even family members) to use your device. UAH devices are provided to you to fulfill UAH’s mission. You never know what others will do on your computer when you give it to them to use. There have been instances where an employee’s child has downloaded a pirated version of software to their UAH device and it became infected with malware.
  3. When you have your UAH device away from the campus, store it in a secure location. 
  4. Never attempt to bypass security software on your device or “jailbreak”, “crack”, or “root” the device. Doing so bypasses a number of security protections in place and makes it more likely that your device will be compromised.

Keep Your Logon Secure

The combination of your password and your Duo Multifactor Authentication (MFA) solution is sufficient protection for a majority of UAH use cases. However, there are some caveats to this statement:

  1. You should use Duo any time it’s technically feasible. Duo MFA provides additional layers of protection for your account above and beyond what you get with just a password alone, making accounts protected by Duo more difficult to compromise.
  2. Never share your Duo code with anyone. UAH IT will not ask for the code that appears on your Duo app or other authentication device. Sharing that number with an unknown individual is one of the only ways your account can be compromised while using Duo. Any text message or phone call you receive claiming to be from OIT and asking for that number is an attempt to compromise your account and should be reported to the OIT Help Desk.
  3. Do not use your UAH password as a password for any other non-UAH website or computer system. Computer systems and websites of all kinds are being compromised all the time. Many times when a website or system is compromised one of the first things they do is download a copy of stored user passwords whether they’re encrypted or not. If you used the same password for your UAH account as you did on a commercial website and that website gets compromised, then the password they have from the commercial website could be used to gain access to your UAH account.
  4. Never share your UAH password with anyone. Per UAH policy you are responsible for all actions taken by your user account. 

Keep Your Location Secure

Even with a secure device and a secure login, you need to be aware of your surroundings while working on a UAH device. 

  1. Be wary of anyone trying to look at your screen. It is potentially a breach of confidentiality if someone sitting behind you in the coffee shop reads the FERPA data on your screen. If you have to work in a public place, choose either (a) not displaying any information that would be protected by federal, state, or local laws or statutes or (b) sitting in a location where no one can be behind you without your knowledge.
  2. Whenever you are remote, especially on public wi-fi, use the UAH Virtual Private Network (VPN). OIT provides the Ivanti VPN client that is pre-configured to connect to the UAH VPN. This software is available for download from Chargerware. It is not difficult to use. All you have to do is run the Ivanti Client and then log in with your UAH credentials and it provides a secure, encrypted connection back to the UAH network.
  3. Contact the Office of Research Security (ORS) before traveling internationally with UAH devices. ORS maintains an updated list of embargoed countries and can help ensure you do not run afoul of any Export or International Travel regulations. 

By taking a little care and following a few simple steps you can help UAH stay #ChargerSecure

To submit an announcement, contact omc@uah.edu.
More info