Best Practices for Telecommuting Securely

Please note: personally-owned computers used by multiple people in the household are unlikely to meet the Campus Minimum Security for Networked Devices (MSSND) Standard. Risks to consider with home systems include:

  • Multiple users with administrator access allow for the download and spread of malware
  • Insecure configurations leave the systems vulnerable to attacks
  • Home users use software that is not supported and may not be patched for vulnerabilities
  • Institutional information downloaded or cached to the machine may be exposed to other family members

If you do not have a work computer to use at home and need to access highly sensitive (P4) data, or are a Systems Administrator for P4 data, please contact security@berkeley.edu.

1. Use the Right Equipment

  • The Gold Standard: Use a University-owned and managed device if possible.

  • The Risk: Home computers used by family members often have outdated software or "Administrator" access for everyone, making it easy for viruses to spread.

  • High-Security Tasks: If you handle highly sensitive data and don't have a work laptop, email security@berkeley.edu immediately.

2. Secure Your Digital Workspace

  • Update Everything: Set your computer (Windows or Mac), browser, and apps to auto-update. These patch vulnerabilities that hackers use to get in.

  • Turn on Protection: Ensure your Firewall is "On" and you have active Anti-Virus software.

  • Use the VPN: Never use public Wi-Fi (like at a cafe) without the Campus VPN.

    • For high-security work: Use the Full Tunnel ("Library Access and Full Tunnel").

    • For basic email/Zoom: Use the Split Tunnel.

  • Encrypt Your Files: If you must save sensitive work on a portable device, you must encrypt it. Use tools like FileVault (Mac) or BitLocker (Windows) to lock your entire hard drive.

3. Protect Your Physical Space

  • Don't Leave Tech Unattended: Never leave a laptop in a vehicle, even in the trunk.

  • Lock Your Screen: Set your computer and phone to auto-lock after 15 minutes of inactivity (or less).

  • Lock Your Doors: Keep your workspace secure, even at home. If you step away, lock your computer screen manually.

  • Charging Safety: If you use a public USB charging station, use a USB Data Blocker to prevent hackers from stealing data through the charging cable.

4. Level Up Your Passwords

  • Use Passphrases: Instead of a short password, use a long string of words that is easy for you to remember but hard for a computer to guess.

  • Use a Manager: Don't reuse passwords. Use LastPass Premium (free for UC Berkeley staff/students) to store them securely.

  • Enable 2-Step (MFA): Always use two-step verification whenever it’s offered. It’s your best line of defense.

5. Save and Backup

  • Save Often: Don't lose hours of work to a crashed connection.

  • Backup Smart: Use bConnected (Google/Box) for backups. If you use an external hard drive, encrypt it and unplug it once the backup is finished to protect it from ransomware.

Topics