Tuesday, December 12, 2006 - Almanac Vol. 53, No. 15
Working from home and the data you work with
More and more Penn faculty and staff are working from home and more and more resources are available to make it easy. But several data protection issues arise with work-from-home activities.
The safest way to work from home is to use a Penn laptop, managed by a Local Support Provider, that is protected by a strong password, up-to-date patches, and antivirus software. Data should not be kept on the laptop. Instead, use the laptop (and secure remote access) to log onto Penn’s secure servers to access data.
If you must keep sensitive data on the laptop, talk to your Local Support Provider about using an encrypted file system, which would make the data unavailable to others if the laptop were lost or stolen. Always use a strong password for access to the laptop. Also, purchase and install Computrace software, available from the Office of Software Licensing (www.business-services.upenn.edu/softwarelicenses/). If a computer is lost or stolen, this software will identify its location as soon as it is connected to the Internet, and can securely delete the data from a remote location.
If you are using a home computer instead of a Penn laptop, keep in mind that the Penn data you are working with is only as secure as the machine you are working on. In most cases, Penn does not support home machines. As a result, you must yourself maintain and update antivirus software and security patches, and ideally utilize a firewall, to protect your machine and the data that you access from that machine, including Penn data.
Finally, if you choose to use storage media for data, such as USB drives, these are easily "loseable", creating risk of loss or theft of data. Again, encrypt data on any external storage media and/or use a strong password to access the data.
Talk to your Local Support Provider or contact ISC Information Security (email@example.com) for more information on these important security controls for work-at-home activities.