Work Remote Securely

As hybrid and flexible work has become the norm, we would like to share requirements and guidance to help keep UCI institutional information and resources safe while working offsite. Some employees have also been approved to use personally owned devices while working remotely for certain types of work, but must still maintain minimum security controls on them. These cyber risk avoidance topics are applicable to both your personal life and work life at UCI.

Security Guidance for Remote and Hybrid Work

 

Use University Provided Securely Managed Devices – It is important to use a UCI owned and managed device to access UCI resources to ensure all of the proper security protections are in place by default. It may be acceptable to use a personally-owned device to access lower risk data (Protection Level 1 or Protection Level 2) as long as the security guidelines below are met and your Unit has approved it.

 

Handling P3 or P4 Data –  Protection Level 3 and Protection Level 4 data is highly sensitive information. It is important to never copy P3 or P4 data to a personal non-University device, even if temporarily. If you need to access P3 or P4 data from your personal device, use a remote session to university managed devices instead. You could also store and access the data within OneDrive supported by UCI, but avoid downloading or copying the data to your personal computer. Always consult with your Unit before storing any P3 or P4 data on your computer.

Protection Level Resources:

• • Classifying Institutional Information and IT Resources

 

Promptly Report Potential Incidents to OIT Security

Contact OIT Security if you believe a computer, user account, or data may have been breached at https://security.uci.edu/incident/

 

Wireless Connections – Ensure that your home wireless connections are encrypted with a strong password. Having a strong password on your wireless connection will prevent anyone from joining your home network. It’s also important to make sure your connection is encrypted using at least WPA2 or WPA3 strength (WEP and WPA can be hacked easily). Having an encrypted connection will help prevent others from getting access to your data. When using an open public network, always make sure the connection is encrypted when working with P2 and above data.  Lastly, just like your computer, it is important to ensure your home router has the latest software security updates too.

Resources:

• • How to Encrypt Your Wireless Network
  • Brand and provider specific instructions: AT&T, Spectrum, Cox, Verizon, Apple, Google, Netgear, Linksys, TP-Link

 

Home Internet Router Firewall – Enable your home Internet router’s firewall. A firewall will block incoming connections from the Internet by default. Only authorized connections will be allowed in and out of your home network.

Resources:

• • How to Enable Your Wireless Router’s Built-In Firewall
  • FTC – How to Secure Your Home Wifi Network
  • PCWorld – How to Secure Your Home Wifi Network and Router

 

Campus VPN – The Campus VPN allows you to securely connect to UCI’s network as if you were on campus. Many campus administrative resources require use of the VPN to access from off-campus. Consult with your Unit on when is it appropriate to use the VPN.

In general, the Campus VPN should be used when remotely accessing campus resources that are behind the campus firewall or require a campus IP address, or when accessing resources while using a wifi network that you don’t control the security for and/or when connecting to web resources using HTTP instead of HTTPS.

Resources:

• • UCI Campus Virtual Private Network (VPN) web page
  • Campus VPN – OIT Knowledge Articles

 

Session Timeout & Lock Screen – Enable session timeout and lock screen with a strong password. It is a good habit to lock your computer whenever you walk away from your device. Locking your screen at home or out in public will prevent your work from being disturbed or seen by someone who shouldn’t have access. UC Policy requires no more than a 15-minute idle timeout before locking the screen.

How to lock your computer screen:

• • Mac – Do any of the following:
    • On your Mac, choose Apple menu then Lock Screen
    • Use hot corners.
    • Press Touch ID, if available on keyboard
    • Press Lock Screen button, if available on keyboard

• • Windows – Do any of the following:
    • Press “Windows” button and “L” button on keyboard.
    • Press ctrl + alt + delete at the same time. Then select “Lock”.
    • Go to “Start” then click your user icon then select “Lock”
  • How to Set Screen Saver Passwords

 

Duo Emergency Backup Codes – Generate and securely store your Duo Emergency Backup Codes ahead of time. These codes are important to have in case your Duo device becomes inaccessible while you are working remote. Having these codes available will allow you to still work without needing to contact the OIT Help Desk. Keep in mind that these are backup codes and are only single use. After you use a code it cannot be used again.

It’s also important to keep your Duo backup codes safe. Don’t store them in the same place you store your passwords/credentials and don’t share them with others.

• • How to Generate Duo Backup Codes
    • Step 1: Log into the Duo Support Desk using your UCInetID and password.
    • Step 2: Under the User Enrollment Tab, click Generate

 

Passwords – Don’t store passwords in cleartext on your device. Use a password manager. Password managers make it so you can securely store all your passwords in one safe location. All you need to do is to remember one master password to unlock your password manager vault. It’s important to make sure the master password is complex and not easy to guess.

Learn more about Password Security Tips and Password Management Tools:

• • Password Security Tips
  • LastPass Enterprise

 

Risky Emails, Links, Sites, and Software – Phishing emails and fraudulent links, sites, and software are becoming more popular every day. They are popular among hackers because unfortunately these techniques work. Even the most well-trained individual can fall for a phishing email, visit a fake website, or download malicious software. All is needed is the perfect time and place for an individual to let down their guard.

To protect yourself against these threats, it is always good to:

• • Become familiar with how to identify phishing, by visiting the Phishing web page.
  • Pause and double check before responding to emails, clicking on links and sites, or downloading software.
  • Visit sites that you know you can trust.
  • Download and install software that you know is legitimate and come from a trusted source.
  • Report any suspicious activity to security@uci.edu.

 

Security Guidance for Using Personal Devices for Work

Before using a personally-owned device for work, always consult with your Unit. If your Unit allows personal devices to be used for some types of work, the device must still be protected at the same level as a UCI managed device according to UCI Security Policy & Standards and should not store P3 or P4 data (see above).

 

Operating System and Software Patching – Keep your devices patched with the latest security updates, don’t use old operating systems that are no longer supported by the manufacturer. Software manufacturers are always finding areas that need to be fixed within their software code. Often these code fixes are security related. When this happens a security update is released. Applying the latest security update helps keep your devices safe from known vulnerabilities hackers can take advantage of.

Resources:

• • How to Update Your Computer and Devices

 

Anti-malware/Anti-virus Software – Run anti-malware software with the latest updates if your operating system supports it. Running anti-malware on your machines, is one of the easiest ways you can protect your devices. Anti-malware scans your computer looking for any known viruses, malware, or risky installed software. It’s important to keep your anti-malware software up to date, so it can be looking for the latest known software threats.

Faculty and staff, contact your department technical support team for help obtaining and installing anti-malware software on UCI machines.

Anti-malware software can be found for purchase at most computer stores, office supply stores, and the UCI Book Store.

Install and Update Anti-Malware Software

Free Anti-Malware Software:

• • Microsoft Defender
  • Apple Built-In
  • Malwarebytes

 

Full Disk Encryption – If using a mobile device, enable encryption with strong keys. Full Disk Encryption is used to protect against theft. If your computer was ever stolen or misplaced, the data on your computer will not be accessible if full disk encryption is installed on it. For more information visit the Encryption web page.

• • For faculty and staff, contact your department technical support team for available encryption solutions for your unit.
  • For personal devices, below is a list of full disk encryption solutions:
    • FileVault for Mac
    • Microsoft BitLocker
    • VeraCrypt (free open-source for Windows/Mac/Linux)

 

User Accounts – Don’t login to your device using an “administrator” account, instead use a normal non-privileged user account. This limits the impact of potential compromises. When you use an administrator account on your computer, you have full access and control over your device. This can be risky because if your admin account ever gets compromised an unauthorized individual can gain total control of your computer. It’s best to use a general user account and then elevate to root or administrator when necessary to perform admin related tasks.

 

Host-Based Firewall – Enable your operating system’s host-based firewall. A firewall can help protect your computer against hackers and other security attacks by blocking unauthorized digital traffic and only letting in digital communications that has been listed as safe. The latest versions of Windows and Mac operating systems have built in firewalls.

• • Windows: How to Turn Microsoft Defender Firewall on or off
  • Mac: Block Connections to your Mac with a Firewall
  • Personal Firewall Protection