Take Cybersecurity Seriously When Working Remotely | Information Technology | University of Pittsburgh
!

Take Cybersecurity Seriously When Working Remotely

Now that most Pitt faculty, staff, and students are working and learning from home, there is a different set of cybersecurity considerations to keep in mind. Take an active role in keeping your data and the Pitt network safe with this five-point plan for making your living room as secure as your on-campus office, lab, or residence hall room.

A 5-Point Home Cybersecurity Plan

Here’s what you can do to help maintain the security of Pitt’s and your personal data, network, devices, and services:

1. Use PittNet VPN—but only when necessary.

You’ve probably downloaded PittNet VPN in preparation for working from home. Your temptation might be to use it whenever you’re using a Pitt service, but that can be problematic. While Pitt IT has increased the number of simultaneous VPN connections available, there is a still a limit.

The good news is that you don’t need to use PittNet VPN to work remotely most of the time. If you are accessing a resource that is protected by Pitt Passport and multifactor authentication (Duo), you won’t need to use PittNet VPN. That includes CourseWeb (Blackboard) and Canvas, Pitt Email and Calendar, Office 365, the Virtual Lab, and most other cloud-based services. VPN is only necessary when accessing a departmental workstation, server, or resource directly connected to the University network.

Only use the Pitt VPN when necessary, and promptly log out when you finish. Learn more about when to use and not use PittNet VPN.

2. Beware of phishing.

Hackers are taking advantage of the pandemic to deploy sophisticated phishing schemes and other scams. Pitt IT monitors and intercepts many security risks, but they can’t monitor your home network or personal accounts. If the machine you use is compromised, that can impact the entire University.

You are the best defense against phishing and other scams. Know the warning signs:

  • Hover over links to be sure they are actually from/going to the advertised destination.
  • Be cautious of email addresses and URLs not from a known Pitt domain (e.g., pitt.edu).
  • Navigate directly to a trusted site, rather than clicking a link in an email or on social media.
  • Be wary of urgent messages requiring immediate action via a provided link.

Learn more about identifying phishing scams.

3. Ensure your home Wi-Fi network is secure.

Make sure you lock out anyone who shouldn’t have access to your internet service. Your home Wi-Fi network should be secured using a strong password that includes upper and lower-case letters, numbers, and special characters.

Pitt IT recommends changing your home Wi-Fi password when you begin working or studying from home. This is a convenient time to change it since, with most of your household home right now, you can all gather together and update the Wi-Fi password on your devices at once.

4. Keep your software up to date.

Departmental and Pitt IT staff cannot apply Microsoft and other vendor security patches and updates onto your home machine. But these updates are really important for slamming the door on vulnerabilities as they become known. So you need to take that ball and run with it.

5. Be careful what you store on your home computer.

Don’t save or copy confidential or sensitive University information to your home computer. This includes any personally identifiable information about Pitt faculty and staff, students, research participants, colleagues, etc. It also applies to proprietary and copyright-protected data.

Instead, keep all data stored on University systems or in approved Pitt cloud storage services, such as your OneDrive or Box account. Passwords should be stored in Pitt Password Manager (LastPass), where you can access them from any device with the master password.

You Are the Best Line of Defense for Cybersecurity

Cybersecurity is all of our responsibility, whether we are working and learning from home or on campus. To keep devices and systems running smoothly and to protect the confidentiality of University and personal data, you need to be a vigilant gatekeeper and take charge of cybersecurity.

-- By Karen Beaudway, Pitt IT Blogger