|One Step Ahead
December 22, 2009, Volume 56, No. 16
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Secure Remote Solutions
It’s holiday time, and many people all over the world are looking forward to a well-deserved break from work. But let’s be real—an awful lot of people will still be working—and quite often from home or from a vacation spot.
Working with confidential University data—which includes most personally identifiable data and operational data—must be done responsibly. And working from home or other non-Penn locations needs even more attention because you have left the Penn-managed computing environment.
To protect the privacy and security of confidential University data, and to ensure that this data will remain available to you, bear in mind that the data you are working with is only as secure as the machine you are working on.
• If you are using your own home machine, make sure that you have updated antivirus software and security patches and utilize a firewall. An easy way to do so—and strongly recommended—is to use Penn’s security suite on the Penn Connect CD. See www.upenn.edu/computing/pennconnect/about.html.
• If possible, use a Penn-managed laptop protected by a strong password and other security controls. The security suite will be built in.
• Regardless of the machine you are working on—make sure it is used responsibly. You and others using the machine may unwittingly compromise security by clicking on the harmful popups or opening the harmful attachments.
• Do not use public machines in libraries or Internet cafes—or other machines whose security level is unknown—to access confidential University data.
• Do not keep Penn data on your laptop or your home desktop. Instead, use secure remote access to log onto Penn’s secure servers to access data.
• If you must keep data on a laptop or home machine, keep it encrypted.
• Don’t think you can “get around” the problem by keeping data on your USB or flash drive. These drives are very easy to lose and can be easily stolen. If you are using portable storage media, again make sure the data is encrypted.
Talk to your Local Support Provider about the best work-at-home solution for you. Pin down the security issues in advance—and protect yourself from a major headache that will really make you want a vacation.
To receive OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.