IT Security for Remote Work
While no place is 100% safe from cybersecurity threats, the KU campus is typically a safer work environment than off campus for several reasons:
- KU campus systems have advanced security protections and robust defense mechanisms and 24/7 monitoring.
- KU has a dedicated team of cybersecurity and other IT experts focused on protecting data and systems.
- Endless variables off campus (e.g., device manufacturers, internet service providers, operating systems, software, etc.) make it difficult to fully guard against cybersecurity threats.
This means KU employees must be even more educated on potential threats and vigilant in managing devices and following cybersecurity best practices to protect themselves and the KU community.
Limit Use of Personal Devices
The best and most secure option when working remotely is to use a KU-managed laptop or workstation rather than your personal computer equipment. If you do not have a KU-managed machine that can be connected at home, talk with your department’s IT support team to see if another option is available.
If you must use your personal computer for temporary or occasional work:
- Important: Work-related files saved to your personal computer will be subject to the Kansas Open Records Act, just as they would be if saved to your office computer.
- Use a supported operating system (Windows | Mac) that is set up to receive automatic security updates from the vendor.
- Check to make sure your computer is up to date. (Windows | Mac)
- Make sure you have installed an antivirus program and it is supported and receiving updates.
- Windows Defender is acceptable for Windows 8.1 and newer machines. KU installs Sophos on KU-managed workstations.
- Macs can and do get malware. MacOS users should choose and install an antivirus product.
- Protect your computer and mobile devices with a password. If your computer is shared with others in your household, you should set up a separate profile for KU work with a password known only by you.
- If your personal laptop you have used for KU work is lost or stolen, notify the IT Security Office immediately (785-864-8080 | firstname.lastname@example.org) and file a police report with your local police department. You should be prepared to describe the kinds of KU data you were storing on the computer.
Never conduct KU business on public computers at airports, hotel business centers, libraries, internet cafes, etc. There are numerous security risks with public computers, antivirus might not be installed, software and operating system might not be updated, and previous users may have compromised the computer by downloading malware or by connecting a malicious device.
Guard Your Privacy and Devices
Whether at home or in public protect your computer and what you’re doing on it.
- Lock your workstation when you step away from it—every time—especially in public.
- Be aware of who is around you, and what they can see. Don’t let people “shoulder surf” and view your screen. Consider a privacy filter for your monitor that will limit the viewable angle.
- Maintain physical control of your laptop if you use it outside of your home. Do not leave your computer unattended, even if it's "only for a minute."
- Store your laptop and bags out of sight in your vehicle, preferably in the trunk.
- All KU-owned laptops should already have whole disk encryption. If you will be taking a KU-owned desktop computer home for working remotely, please contact your departmental IT support staff to have it encrypted.
Make sure your home network is secure and provides connection speeds necessary to support your work. It's extremely important both when working from home, but also for your own protection that your network is securely configured. If you have a wireless network at home, security is particularly important. An improperly configured network could allow others outside your home to access your Wi-Fi network.
Secure Your Router
- Change your router's name to one the is unique to you. Routers come with a default ID called a service set identifier (SSID) or “extended service set identifier” (ESSID ) that is assigned by the manufacturer.
- Change the preset admin password immediately when setting up your router. Your router has both an administrative password for access to router configurations and a separate password for logging on to the Wi-Fi network. Don't use the same password for both!
- Choose the best security options. When setting up your router, choose WPA2, if available, or WPA, which are more secure than the WEP option.
- Set up a guest network. Some routers let you set up a separate network and password for guests, which can be useful and provide another layer of protection when you have visitors.
- Turn on firewall capabilities. Windows and Mac operating systems and many antivirus/security suites come with a pre-installed firewall. Make sure firewall options are turned on and configured properly.
Connecting to KU
You must use the KU Anywhere VPN (virtual private network) to securely connect to KU servers and other resources, including your group storage. We encourage you to work with your departmental IT support staff in advance to make sure you can connect to your files, folders and needed services on the KU network.
- KU Anywhere VPN (Cisco AnyConnect Secure Mobility Software) should already be installed on all KU-managed computers. For your personal computer, you can download and install the KU VPN software.
- Only connect to the KU Anywhere VPN when actively accessing files or services, and disconnect after use.
- If you are required to use Duo multi-factor authentication on campus, you must also use Duo when logging in to the KU Anywhere VPN. For the secondary password, enter the six-digit Duo code using the Duo mobile app or token device, or enter the word “push” to receive a notification in the Duo mobile app.
When you're working remotely but not at home, free wireless internet (Wi-Fi) and computers can be tempting. However, connecting to public or "open" Wi-Fi networks and using public computers are big security risks. If you can avoid it, don't ever connect to public Wi-Fi. If you must use public Wi-Fi, follow these best practices and tips can help to improve your security:
- Don’t transmit or download confidential or sensitive data while on public Wi-Fi, such as student record information.
- Don't download or install software or apps while on public Wi-Fi. Restrict software and app downloads, updates and installs to the times when you're on a secure network.
- A common strategy by criminals is to broadcast free and open Wi-Fi. Always verify the name of the public Wi-Fi network before connecting. Look for a Wi-Fi info sign or ask someone who works there to be sure you're connecting to their public network.
- Use eduroam, if available. You can log in to eduroam with your KU Online ID and password at many institutions around the world to access their secured Wi-Fi network.
- Consider using a pay-as-you-go or contract service personal Wi-Fi hotspot, or set up a hotspot using your smartphone.
Video conferencing through Skype, Zoom or Microsoft Teams is your lifeline to colleagues, students and others when working remotely. Video provides more engagement and increases productivity by allowing participants to read body language and facial expressions, share their screens and simultaneously text chat during the call.
Follow these tips to reduce security and privacy risks with video:
- Keep your computer’s camera covered when you’re not actively using it.
- Make sure there isn’t anything private or inappropriate in the background behind you.
- If sharing your screen, make sure participants can’t see private or confidential data. Close all other applications, including email, before sharing your screen.
- Don’t post meeting links on publicly available websites, such as an online syllabus. Post class meeting links in Canvas or Blackboard, or send through email or in an Outlook invitation.
- Lock down your meetings. Follow the steps in this Knowledge Base article to control who can join your meeting and what they can share.
- Always double check your microphone and screen sharing settings. If you are a meeting host, you can easily choose to mute microphones and disable screen sharing to make your meeting more secure. Review this Zoom help article for more information on meeting settings.
- Whether at home or in public, be aware of who is around you and what they can hear. Take steps to ensure privacy.
- Be on the lookout for emails and meeting invitations from unknown senders or look-a-like domains (e.g., kansas.zoom.info)
- Keep your video conferencing apps up-to-date. If you are working on a KU-managed workstation, these should update automatically.