Security Basics – Working from Home

As we shift to remote learning and as staff members of the university community begin working from home, it is important to remember that handling UMass Lowell (UML) data outside of our typical workspaces presents unique challenges. Taking a few additional security precautions when working remotely can help to keep UMass Lowell’s valuable information secure.

• Updating WiFi Security Settings for Home WiFi Networks (pdf)
• Security Essentials (pdf)
• Attack Spotlight (pdf)
• Working Remotely Safeguards (pdf)

Basic steps you can take to enhance security at home:

1. Watch for phishing attempts. UMass Lowell remains a high-value target for cybercriminals. Be especially wary of emails that attempt to get you to share your password as a requirement for keeping your account active. Attackers will often try to exploit an existing relationship by posing as someone you know or trust (such as a colleague or supervisor) and creating a sense of urgency. If you suspect an email is not legitimate, please click your message's ‘Report Suspicious’ button. This will send it into our automated response system, and you will receive feedback once the message has been analyzed. If the Report Suspicious button is not in the message and/or you need further assistance, please contact TechServices by phone: 978-934-4357 or email: help@uml.edu.
2. Keep work data on your work computer. It is always preferable to conduct university business on university-owned devices. Storing your files on OneDrive also protects your data in case of device loss, theft, or malfunction. If you must conduct university business on your personal device, do not store UMass Lowell data on that device. If you have copied university data to usb drives for any reason, it is recommended you encrypt the usb drive. On windows, you can use “BitLocker to Go”. As a reminder, if you no longer need the data, you should delete the files. Additionally, please don’t email sensitive files from your university account to your personal email account as it is against the University’s Email Usage Policy.
3. Handle Confidential and Restricted Information with Care.
   • Do not access information classified as “Restricted” or “Confidential”) under the University Data Classification Policy, IT-5-106, on your personally owned device. University-owned information assets are equipped with secure perimeters including Wi-Fi, VPN, encrypted drives, anti-virus, end-point protection, and active monitoring while on the UML network. Personal (non-university owned) devices do not have this level of security and pose a higher level of risk. Avoid taking confidential or restricted paper documents home or printing them on home printers. If handling such documents is essential out of the office, ensure they are kept securely away from other household members and dispose of them securely when no longer needed by returning them to university secure disposal or using a crosscut shredder.
4. Restrict Household Access to Work Devices and Information
   • Do not allow other household members to use your work device. Make sure your work-from-home location prevents others in your household from seeing or hearing any confidential or restricted information, whether on your screen or in your conversations.
5. Be Mindful of Voice Assistants and Smart Devices
   • If you work in a room with smart devices, such as an Amazon Alexa, Google Home, or similar voice-activated system, consider muting or turning them off when discussion of displaying sensitive information. These devices can unintentionally record information that may later be accessed.
   • Adequately protect your system. This includes activating and/or enabling anti-virus software, regularly updating your operating system, and enabling the firewall on your operating system.
6. Avoid public Wi-Fi. If necessary, use a personal hotspot. Public Wi-Fi can introduce significant security risks and should only be used if absolutely necessary. If using public wi-fi you should also connect to the campus VPN to protect your network connectivity. Please view our VPN and Remote Access page for more information on the VPN. 
7. Always keep your device with you. Never leave your device or laptop in your car unattended, and make sure your screen can’t be seen by those around you. Password protect your device, not just your Access Account.
8. Only use UMass Lowell-approved video conferencing applications such as Zoom and Microsoft Teams.
9. Report Security Incidents Promptly
   • If you believe that confidential information has been exposed or if you notice any unusual activity on your accounts, report it immediately to UMass Lowell's TechServices team. Prompt reporting allows faster response and mitigates potential security risks.
10. Do not sync UMass Lowell data/files to personally owned devices such as Box Sync or Dropbox. Rather, use the university’s branded OneDrive.

Remember, legitimate services and sites including UMass Lowell never have a reason for you to send them your password.