Security Guidance for Remote Working
This page describes the different security resources available to USC faculty and
staff members working remotely.
How do I stay secure while working away from USC?
Handling and Processing Data
- Data security and privacy requirements are still in effect, regardless of where data
is located. Ensure that whatever device you are working from meets security requirements
applicable to the types of data you are working with.
- Do not store confidential university data on any personal device (e.g. files that
may contain SSNs, backing info, health records). If you do not have a university device
for accessing confidential data, leverage the university’s virtual desktops or maintain
the data’s secured location (example: university’s server or desktop).
Secure Access
- Access to Internal Resources - A user can securely connect to the university network to access internal resources
by leveraging the university’s VPN (Cisco AnyConnect). This solution can be used to access systems and network drives
that are from the university network.
- Collaboration Tools - Cloud-based collaboration tools, such as Microsoft Teams and Office365, can be used to work with other individuals in a secure manner. Microsoft Teams
can be used to communicate, host web-based meetings and share files between groups
of authorized individuals. Office365, when accessed directly through the internet
or a web browser, can be used to work on documents that are saved to your Microsoft
OneDrive and SharePoint. Remember to not save confidential university data to personally
owned devices. These cloud-based solutions, unlike personally owned devices are protected
with additional security controls and legal agreements.
Zoom is another commonly used Collaboration tool. To safely and securely use Zoom,
please configure your sessions based on the following guidelines:
- Do not make meetings or classrooms public. Leverage the option of a meeting password
or use the waiting room feature and control the admittance of guests.
- Manage screen-sharing options, by changing screen-sharing to “Host Only.” Provide
permissions to individuals for specific time periods, as needed.
- Ensure users are using the updated version of remote access/meeting applications.We
are aware that many instructors are using Zoom.
- Virtual Desktop - Virtual desktops can be requested and remotely accessed in a secure manner. These
desktops provide similar functionality to a university device, except that they are
available through the internet and can be accessed from different devices. Virtual
desktops provide an alternative secure connection to internal resources, without requiring
a university device or VPN access.
Be Mindful of Threats and Risks
- Phishing - Be mindful of fraudulent communication attempts such as phishing emails. Bad actors
will leverage current events, panic and disasters to target individuals with highly
tailored and specific communication. They will also leverage the situation to create
false urgency, in the hopes of tricking their targets into rushing so that they lower
their guard or even skip important validating steps before complying with whatever
the bad actor requested.
- Web Surfing - Be mindful of the websites you visit. While most of the university’s security controls
are still engaged and updated on university owned and managed devices, network-based
security controls (example: Cisco Umbrella) will be limited when you are remote and
not using the USC VPN. Ensuring the university’s Cisco Umbrella Roaming Client is installed on your university owned and managed device will help to protect your system
even when you are off the network. This client provides protections from malware, fraudulent websites, new domains, and
communications with compromised systems. Of course, nothing beats being cautious of the websites you visit and the applications
you install on your devices.
- Public WIFI - Avoid connecting to other untrusted networks or public wireless access points. These
networks can be compromised or used by hackers to monitor and access your internet
traffic (email, websites access, credentials used, payment information sent).
- Sharing Devices - University devices should only be accessed and used by authorized USC faculty, staff
or students. Avoid letting family or other individuals use your university device.
Lock your system or turn it off when you need to step away to prevent access from
other individuals, such as children or other family members.
Additional Resources