Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Decorative

Working remotely presents unique challenges for information security because remote work environments don't usually have the same safeguards as working on-campus. When an employee is at the office, they are working behind layers of preventive security controls. While not perfect, it is harder to make a security mistake while at the office. However, when computers leave campus and people work remotely, new risks arise for the University and additional safeguards and vigilance is essential. For more details see the Fredonia Secure the Human Reference Guide.

Risks and Best Practices

Social Engineering
Anchor
Social Engineering
Social Engineering

One of the greatest risks remote workers will face, especially in this time of both dramatic change and an environment of urgency, is social engineering attacks.  Social Engineering is a psychological attack where attackers trick or fool their victims into making a mistake, which will be made easier during a time of change and confusion.  Keep in mind, social engineering attacks like these are not limited to phone calls or email; they can happen in any form, including text messages on your phone, over social media, or even in person. The key is to know what to look out for--you are your own best defense. Ultimately, common sense is your best protection.  If something seems suspicious or does not feel right, it may be an attack. 

...

  • Always Use strong passwords or passphrases whenever possible. The key to strong passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. For more about passphrases see https://fredonia-edu.atlassian.net/l/c/emyUmzvP
  • Make sure each of your accounts has a separate, unique password. Never reuse passwords across multiple systems and do not share your password with others.
  • Can't remember all of your passwords/passphrases?  Consider using a password manager to securely store all of them for you.
  • Set up two-factor authentication whenever possible. The University utilizes Azure multi-factor authentication for many critical and sensitive systems. To learn about Azure MFA visit Multi-factor authentication (MFA) - FAQs at https://fredonia-edu.atlassian.net/wiki/x/EgBhaQ.
    NOTE: This is a good time to review your second factor devices to make sure you can login to your protected services remotely.
  • Do not use your eServices credentials (email/password) for other non-work related services (e.g. Facebook, Dropbox, etc.).

...