|One Step Ahead
October 9, 2007, Volume 54, No. 7
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Working at Home and
Other Remote Locations:
Recognize the Data Privacy and Security Risks
Working at home and while traveling are becoming common phenomena in our society—including the Penn community. “Virtual offices” can be created almost anywhere using current technology, and flexible work scheduling is expanding in large part because of technology’s impact. The convenience that these developments make possible is accompanied, however, by increased risks to data privacy and security.
For example, assume for a moment that you are working with confidential University data on your home desktop or your laptop. Is the machine properly protected with updated anti-virus software and a firewall? Without these you are running an unnecessary risk of having confidential Penn data hacked. Has a family member perhaps downloaded file-sharing software to your computer? If so, another machine running that software could potentially access all of the data—including the University information—on your hard drive, not just the files that your family member intended to share.
It is critical to be aware that working with confidential Penn data on personal desktops and laptops gives rise to significant new privacy and security risks. To help address these risks, the following steps are recommended:
• Minimize—and if possible avoid—use of personally-owned machines to access confidential University data such as SSNs, health information, credit card data, student records, and financial information.
• Be especially cautious regarding computers used by others who may have downloaded dangerous software such as file-sharing tools.
• Protect your machine with a Penn-recommended security suite.
• Encrypt any confidential data that is stored locally on your computer.
It is also crucial not to use computers whose security level is unknown—such as public machines in libraries and Internet cafes—to gain access to confidential University data.
For some basic tips on protecting your computer’s security visit the Hot Links listed at www.upenn.edu/computing/index.html.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.