Secure Remote Work and Study
A basic assessment can prevent vulnerability
Secure Remote Work and Study
March 2020 was a sudden change for all of us at Pepperdine, with students having to leave campus by the weekend and the following week nearly all staff being asked to work from home. We have all had various struggles in making this transition, but now that we have made some adjustments, I wanted to check in and ask everyone to take a moment and assess their information security situation with regard to their Pepperdine work.
Students
You are on the mind of the Information Security Office & IT teams right now as we are apart. Take a moment along with meeting your deadlines to make sure your assignments and personal information are secure. Here are three quick things to assess:
- Did you back it up?
As a masters student, I learned the hard way about losing my assignment to a computer glitch right at my deadline. When I was a doctoral student, remembering this loss made me squirrel away lots of copies of my dissertation files! The easiest way you can make sure you have good access to your school work is to use Google Drive. If you're using the Microsoft Office Suite, upload copies of your files to your Pepperdine Google Drive. If you're working directly in Google, download a PDF or MS Office version of your work. This way if you or someone else blows away one copy, the other copy is there to be retrieved. - Do you manage passwords?
Or do you just have one? As many of our students that use Chegg found out last fall, when you use the same password everywhere, if someone breaks in one place (Chegg) they can abuse your access and get you locked out in another place (Pepperdine). Get LastPass Free from LogMeIn, and start using it to generate, replay and secure your passwords – different for every site. Your Vault pass phrase, over time, will become the Last Password you need to remember. And you'll find yourself with a lot less lockouts and password resets. - Are you wary?
You've run across a lot of scammers on the Internet. Any crisis seems to generate new attempts to trick us out of our info by clicking links without checking or responding to spoofed email addresses in a hurry. If some email or link or pop-up request feels odd or too urgent or has a COVID-19 theme, slow down. Either examine it closely before taking action or get rid of it. If you see a pop-up saying your computer is infected, just exit your browser or restart the computer without clicking the pop-up. Then, run the recommended free Sophos Home antivirus.
If you need any computer or security help–Mobile, Macintosh, or Windows–our Tech Central team is here for you at 310.506.4357 (HELP). Best of success as you close out the term and prepare for summer. We hope to see you soon!
Faculty & Staff
Even the most technologically savvy of us has had to learn a few new skills since we began work at home! I hope you are adjusting well. Let me share a few guidelines that will help you protect student data and preserve trust in the University.
- Can you work on a University system?
Whether we are working with Public or Confidential data, its best to use a University system, if you can. Some of us have University owned and managed laptops to work with, but some of us tend to work on personal or home computers (if permitted by your Supervisor). Like working on a personal mobile device, that may be OK for work that is done inside our University systems or clouds, such as Wavenet, Courses or Google Suite. I say this is OK, not as a best practice recommendation, but as a concession to our exceptional circumstances. Using a personally owned computer is not recommended if you share the computer with other household members, and should be avoided entirely if you do not have a separate login account with a secure password that your household does not know. If your work involves creating Confidential information in local documents, and you don't have a University owned laptop, try this: download the Microsoft Remote Desktop software from the Apple or Windows store and connect to remoteaccess2.pepperdine.edu. (Note: You will need to the University VPN and SecureConnect to reach our Remote Access server.) Once on Remote Access, you will find a familiar Windows desktop and your own S and U drives. This system is managed by University system administrators and is secure for Confidential data. - Are you checking the true source?
Avoid being tricked out of your password or funds by checking the email address of strange requests that appear to come from an executive or superior. Click or tap the email sender name to reveal the address of the sender. If it doesn't come from an address that ends in @pepperdine.edu it is likely a spoof. Do not respond to such requests. You may report them using the Phish Alert button, but the only necessary action is to delete them. Do not forward a suspected phishing message, especially if it has links or attachments. If you receive suspicious communications that ask you to click a link or download a file, and you don't want to delete it, contact the alleged sender by looking up their published email, web address or phone number to verify authenticity. University departments can decrease the suspicion of their messages by following our Departmental Mass Mail Tips. - Are you sending, receiving, saving or printing RESTRICTED information?
RESTRICTED information is a very small subset of documents containing data fields like Social Security Number, Credit Card Number, California Drivers License or Healthcare records or diagnoses. We emailed all our colleagues with encrypted computers at the start of the work at home transition to remind them that RESTRICTED information must be printed, transmitted or saved ONLY on University owned computers with the University managed encryption suite. If you find yourself saving, printing or transmitting documents with RESTRICTED data, STOP and contact the Information Security Office at 310.506.4040. To transmit RESTRICTED data documents securely to or from an encrypted computer, use attachments.pepperdine.edu. These documents are not permitted in email, S:/U: drives or Google Drive.
Thanks for all you do to serve our students and colleagues and for your security mindfulness. If you need any computer or security help–Mobile, Macintosh, or Windows–our Tech Central team is here for you at 310.506.4357 (HELP).