Security At Home

Posted on 2020-04-15 by mike

As most of us are now working from home, it is time to consider security in the home; because you are working from home, security at home is important to the university (in addition to yourself). Indeed there are new dangers in the present situation that you may not have considered.

For instance, many of you have posted cute pictures of “co-workers” (four-legged ones) curled up on or near your laptops. But have you considered what is visible on the screen?

And despite choosing a deliberately innocuous window to take a copy of, it still contains some information that it may be worth thinking twice about making public!

This is a screenshot rather than a phone picture with a screen in it, so you may be thinking that what is in your phone photo is less visible. Except that :-

  1. It is simple to save a copy of that photo outside of where you are sending the photo (Facebook is the default option here) so it can be viewed in a different manner than you expect.
  2. You can zoom into images to see details not usually visible. And try other image enhancements to make things clearer.

The key thing is to remember is to obscure whatever is on the screen for fun photos – bring up Notepad, maximise it, and write “Not work stuff” in big letters!

Obscuring the screen should also be considered if you are working from home with others in the house – consider getting a privacy overlay (link provided as an example and not an endorsement) for your screen and minimise what you are working on when someone peers over your shoulder.

You should also lock your screen when you are away from the keyboard for any length of time! Apart from anything else, it’ll stop you coming back and discovering that your toddler has finished off that important email and sent it off.

Web Cams

We are all using web cams a bit more than we would normally do, so it is worth considering their security. Always treat a web cam as though it is turned on and your boss and co-workers can see what you’re up to in front of it.

Whilst some webcams are insecure and can be remotely controlled, that is not the danger we’re talking about here. This is more about getting into the routine of being able to join a video conference without making an embarrassing ‘mistake’ – I already know of one web cam accident where a conference attendee had a boyfriend wander through the background “inappropriately dressed”, and I’m sure Facebook will shortly be full of “Top 10 Embarrassing Working From Home Web Cam Accidents” (and I’ve heard about another just during the time it took to write this post).

Not that this should discourage you from using a web cam; just bear in mind the advice in the first paragraph, and discourage uninvited guests from joining the conference (although nobody minds four-legged visitors).

Phishing and Scams

You are probably all bored to tears reading advice about phishing attacks and scams, but it bears repeating because there are those trying to take advantage of the current situation for financial benefit :-

  • If it’s too good to be true, it probably is.
  • If a certain level of urgency is urged, it is worth taking time to be careful.

There is a whole category of old articles to read on phishing.

Using Non-University Equipment

If you are using university-supplied equipment for your work, IS will take care of the security of your device in terms of the system maintenance – providing that you connect it to the VPN (GlobalProtect) regularly. If you prefer to use your own equipment for UoP work, you will be expected to perform much the same system maintenance work (which you should be doing anyway to keep personally safe) :-

  1. You must be using a supported operating system. Unsupported operating systems do not get security patches and so will be assumed to be unsafe (they will be sooner or later). If the hardware you are running will not run a later operating system, you will have to arrange for another machine. This may seem harsh, but
  2. You must install operating system patches as and when they arrive; indeed you should check for operating system patches on a regular basis – daily, weekly, or monthly. An operating system that does not get updated is putting yourself (and the University) at risk!
  3. Similarly any installed software needs to be regularly checked for updates – especially web browsers!
  4. If you have any University work data on your own machine(s), you should make sure that the storage is encrypted. If you use any hardware from within the last 5 years or so, the performance impact will not be noticeable.
    1. Use approved cloud-based storage (including the N: and K: drives – they’re in the “UoP Cloud”) as much as possible.
    2. If you must put work data on your local disk(s), remove it as soon as you have finished work on it.
  5. Using the VPN (GlobalProtect) will give you an extra level of protection against “nasty” stuff on the Internet, so please feel free to use it even if you think you have an immediate reason for using it.

This entry was posted in Active Attacks and tagged , , , , . Bookmark the permalink.