Take Cybersecurity Seriously When Working Remotely | Information Technology | University of Pittsburgh
!

You are here

Take Cybersecurity Seriously When Working Remotely

Now that most Pitt faculty, staff, and students are working and learning from home, there is a different set of cybersecurity considerations to keep in mind. Take an active role in keeping your data and the Pitt network safe with this five-point plan for making your living room as secure as your on-campus office, lab, or residence hall room.

A 5-Point Home Cybersecurity Plan

Here’s what you can do to help maintain the security of Pitt’s and your personal data, network, devices, and services:

1. Use PittNet VPN—but only when necessary.

You’ve probably downloaded PittNet VPN in preparation for working from home. Your temptation might be to use it whenever you’re using a Pitt service, but that can be problematic. While Pitt IT has increased the number of simultaneous VPN connections available, there is a still a limit.

The good news is that you don’t need to use PittNet VPN to work remotely most of the time. If you are accessing a resource that is protected by Pitt Passport and multifactor authentication (Duo), you won’t need to use PittNet VPN. That includes CourseWeb (Blackboard) and Canvas, Pitt Email and Calendar, Office 365, the Virtual Lab, and most other cloud-based services. VPN is only necessary when accessing a departmental workstation, server, or resource directly connected to the University network.

Only use the Pitt VPN when necessary, and promptly log out when you finish. Learn more about when to use and not use PittNet VPN.

2. Beware of phishing.

Hackers are taking advantage of the pandemic to deploy sophisticated phishing schemes and other scams. Pitt IT monitors and intercepts many security risks, but they can’t monitor your home network or personal accounts. If the machine you use is compromised, that can impact the entire University.

You are the best defense against phishing and other scams. Know the warning signs:

  • Hover over links to be sure they are actually from/going to the advertised destination.
  • Be cautious of email addresses and URLs not from a known Pitt domain (e.g., pitt.edu).
  • Navigate directly to a trusted site, rather than clicking a link in an email or on social media.
  • Be wary of urgent messages requiring immediate action via a provided link.

Learn more about identifying phishing scams.

3. Ensure your home Wi-Fi network is secure.

Make sure you lock out anyone who shouldn’t have access to your internet service. Your home Wi-Fi network should be secured using a strong password that includes upper and lower-case letters, numbers, and special characters.

Pitt IT recommends changing your home Wi-Fi password when you begin working or studying from home. This is a convenient time to change it since, with most of your household home right now, you can all gather together and update the Wi-Fi password on your devices at once.

4. Keep your software up to date.

Departmental and Pitt IT staff cannot apply Microsoft and other vendor security patches and updates onto your home machine. But these updates are really important for slamming the door on vulnerabilities as they become known. So you need to take that ball and run with it.

5. Be careful what you store on your home computer.

Don’t save or copy confidential or sensitive University information to your home computer. This includes any personally identifiable information about Pitt faculty and staff, students, research participants, colleagues, etc. It also applies to proprietary and copyright-protected data.

Instead, keep all data stored on University systems or in approved Pitt cloud storage services, such as your OneDrive or Box account. Passwords should be stored in Pitt Password Manager (LastPass), where you can access them from any device with the master password.

You Are the Best Line of Defense for Cybersecurity

Cybersecurity is all of our responsibility, whether we are working and learning from home or on campus. To keep devices and systems running smoothly and to protect the confidentiality of University and personal data, you need to be a vigilant gatekeeper and take charge of cybersecurity.

-- By Karen Beaudway, Pitt IT Blogger

Pitt students at Pitt Hackathon

EMAIL AND ACCOUNT SECURITY

Keep Your Accounts, Yours

The Account Administration service enables the University to manage its account services in an effort to securely verify and protect its identity with tools, such as Multifactor Authentication and Federated Authorization Process (Student Mart Access).

Those who utilize our Pitt Email (Outlook) service are also provided with access to select services to securely manage email communications with Advanced Threat Protection and Enterprise Spam and Virus Filter Service with Exchange Online Protection (EOP).

IT GOVERNANCE

Practice Good Governance with Our Guidance

Pitt IT regularly updates its security knowledge base with the latest governance standards, while also ensuring the University’s safety against external attacks and internal accidents with industry-leading security methods and best-practices. Request guidance or support from Pitt IT or learn more with the resources below.

IT Governance and Regulatory Compliance

Maintain compliance with applicable laws and regulations for restricted data (e.g., DFARS/CMMC, FERPA, GDPR/PIPL, GLBA, HIPAA, NIST 800-171, PCI)

Data Classification & Compliance

Protect the privacy of students, alumni, faculty, and staff through precautions and data classifications measures that guard against unauthorized access.

Governance & Policy Security Guides

Maintain safety practices around policies and standards with our easy-to-follow guides — developed and maintained for accuracy by Pitt IT Security and organized below.

pitt individuals working on computers

IT POLICIES AND PROCEDURES

Master University Guidelines

Pitt IT has partnered with University communities to establish security policies that help protect computers and information from security threats — such as viruses, Trojan horses, hackers, and other forms of cybercrime.

Review these policies to help your department protect its data, while also adhering to state and federal regulations regarding technology.

View IT Policies & Information

IT SECURITY AUDIT SUPPORT

Manage Security Audits with Our Help

Pitt IT Security is available to assist departments and schools in all IT security audit needs — including regulatory requests. Contact us for expert guidance in managing and executing audit processes through risk identification, evaluation, and mitigation.

IT Audit Guidance

Request risk-based security audits from Pitt IT Security to determine if your University data is adequately protected. Assistance is also offered in cases where departments are requested to perform and report internal IT audits.

IT Risk Management

Improve your departmental risk identification, evaluation, and mitigation capabilities by working with Pitt IT Security to identify risks, assess any potential impacts, and lessen risks by implimenting mitigation controls.

IT Contract & Agreement Review Service

Review contracts and agreements with our guidance to determine if your department and the University can meet contractually obligated data-security requirements.

THREAT AND INCIDENT MANAGEMENT

Identify Risks Before They Become Threats

Pitt IT Security can help you identify potential threats before they become issues for your department. Are you concerned that your data has already been compromised? Pitt IT Security will help you assess the situation, manage the incident, and respond to University stakeholders and legal partners.

IT SECURITY ARCHITECTURE AND ENGINEERING

Build a Security Strategy that Fits Your Needs

Security architecture can help you design and document key elements of your overall security program, which ensures that your department and users can understand and utilize methods for creating safe, collaborative digital environments. Pitt IT Security will work closely with you to create a well-defined strategy that fits your needs and uses industry-leading best practices to enable your department’s security and success.

Strategy and Design

Plan and create your IT environment with security as a top priority.

Security Tooling

Implement the proper tools and security measures for your needs.

Solution Engineering

Design and develop secure solutions that fit your unique work processes and data needs.