Work Securely from Home

The Duke IT Security Office offers the following recommendations for faculty and staff working from home:
  1. You are the best defense.
    Technology alone cannot fully protect you. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency. Know the signs of a social engineering attack and be cautious of any messages that:

    1. Create a sense of urgency through fear or intimidation, or pressure you to bypass security policies or procedures.
    2. Appear to come from a friend or colleague but ask you to do something out of character.
  2. Secure your home network. Make sure that your home wireless (Wi-Fi) home network is properly secured. One simple but important step to protect yourself and your machines is to change the default administrator password of your wireless router. The administrator account is what allows you to configure the settings for your wireless network and should be changed and protected. For your family, make sure that you have a password set for wireless access. This password should be different from the administrator password.
  3. Follow best practices with passwords. Make sure that you're using strong passphrases for all accounts. A password manager such as LastPass can help to securely store these passwords.
  4. Make sure all computers are updated. Make sure all computers and devices are getting the latest software updates.  If you are using a Duke-owned computer, contact your departmental IT support team to make sure the computer is enrolled in Duke’s endpoint management program.  If you are using a personal computer, follow this guidance to check your settings.
  5. Restrict access for work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device. Follow these guidelines for securing personal devices.
  6. Use a Virtual Private Network (VPN) when necessary. Duke's VPN provides a secure connection if you need to reach on-campus Duke computing resources.

NOTE: Duke Health employees should follow the Duke Health Technology Guide for Working Remotely.

A PDF fact sheet is available from SANS.