IT security awareness: Secure remote access
July 11, 2018
Staff, faculty and students are often accustomed to using public Wi-Fi hot spots,
and may use them to access institutional emails and documents. Occasionally, they
might use free charging ports at airports and other public places, risking the transfer
of malware or viruses to their device. University employees sometimes send and receive
work documents from their personal email account. These are examples of remote network
or device access, and all could pose a security risk for staff, faculty and students
at the university.
Today's attackers are always working to find weak points in networks, computers and
mobile devices to compromise personal information. Protecting university devices and
systems is made particularly difficult by the lack of physical security controls available
at remote locations, the use of unsecured networks, and connecting infected devices
to internal networks.
How you can protect your data and devices:
- Assume the worst will occur and plan accordingly. Laptops and other wireless devices can be lost or stolen. External networks not controlled by an institution are more susceptible to compromise and data interception. A remote user's devices can become infected with malware.
- Users should take every reasonable precaution to ensure their remote access connections are secured from interception, eavesdropping or misuse. Anyone remotely accessing campus resources for business, maintenance or upgrades should use a VPN provided by the institution. Do not store sensitive or restricted institutional data on any remote host or external access device.
- Ensure personal devices are secured against common threats. Remote devices should receive the same security applications and software as those found on campus. They should employ anti-virus software and data loss protection capabilities whenever possible.
- Employ strong user authentication. Many external security threats can be mitigated by multifactor authentication.
Other tips for system administrators and users:
- Apply regular updates for computer and mobile device security software, applications and operating systems.
- Install anti-virus, anti-spyware, and VPN software on computers and mobile devices. Keep software up-to-date and run regular scans.
- Install and enable a hardware or software firewall.
- Configure devices so authentication is required, run in "least privilege" mode (user instead of admin) and time out after 15 minutes of inactivity.
- Use a lock feature prior to leaving a device unattended.
- Set the security settings to the highest level on Internet browsers and adjust downward as necessary for use.
- At no time should a university employee provide usernames or passwords to anyone.
Learn more about information security at www.alaska.edu/oit/servicecatalog/#id=181.