How to Stay Secure
Information Security Safeguards While Working from Home
As a member of the university community, you are entrusted to manage university information responsibility and in accordance with the university's Information Management and Information Technology Policies.
Here are some guidelines to follow for working from home securely:
1. Secure your home router and WiFi
See the following guide for router/WiFi security: Router Security: How to Setup Wi-Fi Router Securely
2. Secure your home computers
3. Minimize information management risks
If you absolutely need to save, store, or print university information at home in order to do your job, obtain approval from your director/chair beforehand and agree on security safeguards around version control, information sharing/exchange, encryption and retention/archive/disposal, among others.
1. Carry as little information as possible
They can't steal it if it's not stored on your mobile device. So before storing sensitive information on your mobile device (laptop, cell phone, USB flash drive), ask yourself if it is absolutely necessary to do so. Play it safe by storing sensitive information off your devices altogether. A much better option is to store that information on a secure remote platform like UAlberta Google Drive or your Faculty/Department-based network file-share.
If you do absolutely need to store sensitive information on your mobile device(s), then ensure appropriate and adequate mobile security is in place, as outlined below.
2. Password protect everything
Give every device a secure password, no matter what. A secure password does not consist of your dog's name plus the year you were born - choose a password that is at least eight to ten characters long and consists of a mix of numbers, special characters, and upper and lowercase letters. Configure your device to ask for that password after you power on and after a screensaver timeout. Do not use the same password for multiple accounts, and never disclose your password to anyone.
Find tips on selecting a secure password here.
3. Encrypt your devices
Hard drives can be stolen and passwords can be cracked, so take your security a step further by encrypting your devices. Encryption is a process that turns the information stored on your device into unintelligible text characters that cannot be deciphered without the decryption key. If someone steals your device, encryption ensures that they cannot read what's on it. More information on how to encrypt your device.
4. Never leave devices unattended
No matter how short the window of time, never leave your devices unattended. You may just be dashing up to the coffee shop counter for a quick refill, but to a potential thief, this is the perfect opportunity to steal your device and all the information on it.
Lock your mobile devices when not in use, and never leave your devices unattended in your vehicle. Carry your laptop in a plain, lockable case that does not have the logos of either the manufacturer or the University. As an added precaution, consider equipping your mobile device with an audible alarm or using asset tags (which are required for University computing devices).
5. Ensure you have the latest software
The latest software comes with the latest security. Updating your software for known vulnerabilities is known as patching, and an unpatched device is much more susceptible to attack than a patched one. Make it easy on yourself and enable automatic updates on your device whenever possible.
To be even more secure, install and enable anti-virus, malware, and spyware software and run frequent scans. Never download free software or apps unless you are 100% certain the product is safe and contains no adware, spyware, or viruses. Finally, consider using a personal firewall to deflect the most dangerous Internet attacks.
6. Practice safe surfing
If you have to deal with sensitive information online, then make sure the site you're on is secure - that means it begins with https, not http. The extra s at the end means that any data sent over that connection is encrypted and cannot be read by hackers.
If you absolutely have to send sensitive information over an unsecure (http) connection, then connect to a virtual private network (VPN) first. A VPN will securely connect you to another network over the Internet so you can keep your browsing activity private and safe. Learn how to connect to the university VPN.
7. Use extreme caution when using shared networks, computers and charger kiosks
When it comes to mobile device security, sharing is not caring. Using public and unsecured WiFi to access sensitive information can put you at risk. Hackers can compromise your Internet traffic, monitor your activity, and steal your personal information. If you do need to use unsecured WiFi, then connect to a VPN first so you can securely connect and transmit data sent over that connection.
Shared computers are prime targets for keylogging and other malicious activities. If you must use one, keep your use short and light. Do not share files or sensitive information, do not log into your personal or University accounts, and do not visit unsecured (http) sites.
Finally, avoid plugging your devices into shared charger kiosks. As harmless as it may seem, there could be a hacker on the other side of that wire. The mobile device's power cord is also used to transmit data to and from your device. If the kiosk port is compromised, then so your your device and data.
Learn more in our Travel Tips section.
8. Enable remote wipe
Even the most vigilant users can suffer a loss or theft, so be prepared and enable remote wipe on your devices. This ensures that if you do lose your mobile device, you can clear it of sensitive information before it falls into the wrong hands.
9. Mobile device loss
If, despite all your precautions, a mobile device is stolen or lost, report it immediately. The following stakeholders need to be immediately notified:
- your supervisor/manager
- the IT administrator providing support for your mobile device
- if enrolled in the University Mobile Device Service, then contact the IT Service Desk via the Staff Service Centre
- the university's Information and Privacy Office (foipp@ualberta.ca) and/or the Chief Information Security Officer (ciso@ualberta.ca)
- Report a breach through the Privacy and Security site