Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security

Data Security - Best Practices for Using Personal Devices for Work Purposes

This article aims to offer best practices for faculty and staff who use personally owned devices for corporate effort.

Overview

In the last decade computing has become predominately portable and, with that, ownership of the devices used in a work environment has begun a measured migration from corporate to personal. The use of personal devices in the workforce introduces new challenges in administration of corporate data, particularly that of data security.

Your first responsibility in using a personal device for work purposes is to insure that you follow proper security guidelines to maintain the integrity of the data entrusted to you. This may be obvious when handling confidential data such as credit cards, but it is also quite important when you use campus resources such as file-sharing tools or email. Thieves may use a vector like an email phish to obtain your password and thereby gain access to your (and the University's) data.

You may wish to lease a computer where much of this security is managed for you. However, if you decide to bring your own device to campus, this article addresses security matters, software options, and unique concerns of specific devices.

General security practices for personal devices

  • Set up Two-factor Authentication* or 2FA to aid in protecting unauthorized access to University data.
  • Set up Identity Finder (for Mac and PC) to help you identify Personally Identifiable Information (PII), such as Social Security Numbers (SSNs), bank and credit cards, and other data that pose security breach risks.
  • Install Symantec Endpoint Protection for PC or Mac and enable Windows Defender on PC.
  • Change your CNet Password regularly.
    • You can use a long password or you can use a passphrase
    • Never share your University password or passphrase
  • Keep no Personally Identifiable Information (PII) on your computer or device and frequently back up your important documents and files.
    • If you use this type of information in your work, you should store the data on an appropriate campus service such as UChicagoBox or TANK
  • Read and familiarize yourself with University guidelines about confidential data at https://itservices.uchicago.edu/page/data-security
  • Check out the "protecting yourself" page at https://itservices.uchicago.edu/page/stay-safe for key scams and tips
  • Use cVPN to encrypt your connection to campus (also required for some campus applications)
  • Choose a strong Administrator password for your computer
  • Consider creating a separate role for device administration, and commonly log in and use an account with lower security (Mac: Admin vs. Standard, PC: Standard User vs. Administrator)
  • Avoid common threats to your computer
    • Maintain current software and updates consistently and regularly
    • When you are away from your device, log out
    • Do not propagate chain mail, even if sent from friends
    • Beware of email or attachments from unknown people
    • Do not click on links in email or web links which are not sent or linked from verifiable, trusted sources.
    • Phishing scams which represent themselves as mail from friends or an office of the university have become sophisticated; verify before clicking any links.
    • Do not download unfamiliar software
  • Restrict remote access
    • You should disable file and print sharing, which are vectors for hijacking.
    • Disable Remote Desktop (RDP) unless it is required by your work. In that case, enable it only when you need it and disable it when done

Software and services available to you

(View the full list of software available to faculty, staff, and students here)

  • Email and Calendar
    • You have several options available for email; you may set which is your primary through cnet.uchicago.edu/forwarding.
      • xMail (using Microsoft Outlook for Mac and PC, or online through xmail.uchicago.edu) is the default and includes a calendar tool which allows you to easily schedule appointments with other xMail users.
      • UChicago Google mail is also great for those who wish to closely tie mail and calendaring, though you will not have the advantage of seeing free/busy time with those whom you are scheduling appointments with, unlike xMail.
      • Though we recommended against this, you can forward your mail to an account of your choosing.
  • Microsoft Office
    • You may regularly need to share files with coworkers in Microsoft Office formats (Word, Excel, PowerPoint). Users of UChicagoBox.com can open Microsoft Word, Excel, and PowerPoint documents from with the web browser using the tools Box provided. Faculty, students, and staff with an active CNetID may download a personal copy for a very nominal (<$20) fee at http://softwarediscount.uchicago.edu.
    • If you are using a Mac, you may also find the free, installed Pages (which interacts with Word), Numbers (which interacts with Excel), and Keynote (which interacts with PowerPoint and also provides a fair replacement for Visio) may suit your needs.
    • A Visio alternative is available through UChicago G Suite (formerly known as Google Apps). Further information and instruction is available in knowledgebase.uchicago.edu.
  • File storage
    • UChicagoBox is the University’s licensed version of Box.com and includes unlimited storage. There is no individual or departmental charge associated with the use of UChicago Box. UChicagoBox offers browser-based viewing and editing tools, and two helper applications that ease using this service. One is a plug-in that facilitates opening Office documents from the browser in their native Mac and PC applications (thereby bypassing local storage on your computer but making them easy to access, edit, and view). The second tool is a synchronization application that keep files on your computer backed up and synchronized to the Box.com cloud by mirroring anything you put into specifically identified folders on your computer.
    • For those interested in TANK, a fee-based service, departmental representatives may inquire via email to itservices@uchicago.edu.
  • Computer Backup
    • We recommend using UChicago.Box.com and either moving all your files to the service and editing them through the web interface and plug-in, or installing the synchronization tool; you can then modify the default Save dialogue on a Mac or PC, to default to your Box documents folder. Store any important documents here, though not your applications or OS files since these can be restored from prior purchases if lost or corrupted.

Mobile Device-Specific Services

Because mobile devices generally do not store significant institutional data on the device they are not as rich a target for PII, limiting their appeal to thieves. And, because they are most often being connected to cellular networks, they are not as easily used as a vector for spam or botnets. Therefore, mobile device security risk is of more concern to the owner of the device and we do not offer as much guidance (which can often be found on manufacturer’s sites). Here are some specific recommendations and information:


* Authentication is the verification of identity and authorization is the process by which that entity is granted permission to perform some restricted operation. The difference between authentication and authorization is often immaterial in simple systems but is more clearly differentiated in complex systems: You may authenticate yourself in order to log in to a computer but not be given authorization to administer the machine or add new programs.




Keywords:self-support, computer, tablet, PII, SSN   Doc ID:53716
Owner:Barry J.Group:University of Chicago
Created:2015-07-07 11:22 CDTUpdated:2017-04-08 13:57 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  0   0