Skip to Content

Division of Information Technology

Security Guidance for Remote Working

This page describes the different security resources available to USC faculty and staff members working remotely.

How do I stay secure while working away from USC?

Handling and Processing Data

  • Data security and privacy requirements are still in effect, regardless of where data is located. Ensure that whatever device you are working from meets security requirements applicable to the types of data you are working with. 

  • Do not store confidential university data on any personal device (e.g. files that may contain SSNs, backing info, health records). If you do not have a university device for accessing confidential data, leverage the university’s virtual desktops or maintain the data’s secured location (example: university’s server or desktop).

Secure Access

  • Access to Internal Resources - A user can securely connect to the university network to access internal resources by leveraging the university’s VPN (Cisco AnyConnect).  This solution can be used to access systems and network drives that are from the university network.

  • Collaboration Tools - Cloud-based collaboration tools, such as Microsoft Teams and Office365, can be used to work with other individuals in a secure manner.  Microsoft Teams can be used to communicate, host web-based meetings and share files between groups of authorized individuals.  Office365, when accessed directly through the internet or a web browser, can be used to work on documents that are saved to your Microsoft OneDrive and SharePoint.  Remember to not save confidential university data to personally owned devices.  These cloud-based solutions, unlike personally owned devices are protected with additional security controls and legal agreements.

    Zoom is another commonly used Collaboration tool.  To safely and securely use Zoom, please configure your sessions based on the following guidelines:
    • Do not make meetings or classrooms public. Leverage the option of a meeting password or use the waiting room feature and control the admittance of guests.
    • Manage screen-sharing options, by changing screen-sharing to “Host Only.”  Provide permissions to individuals for specific time periods, as needed.
    • Ensure users are using the updated version of remote access/meeting applications.We are aware that many instructors are using Zoom. 

  • Virtual DesktopVirtual desktops can be requested and remotely accessed in a secure manner.  These desktops provide similar functionality to a university device, except that they are available through the internet and can be accessed from different devices.  Virtual desktops provide an alternative secure connection to internal resources, without requiring a university device or VPN access. 

Be Mindful of Threats and Risks

  • PhishingBe mindful of fraudulent communication attempts such as phishing emails. Bad actors will leverage current events, panic and disasters to target individuals with highly tailored and specific communication.  They will also leverage the situation to create false urgency, in the hopes of tricking their targets into rushing so that they lower their guard or even skip important validating steps before complying with whatever the bad actor requested.

  • Web SurfingBe mindful of the websites you visit. While most of the university’s security controls are still engaged and updated on university owned and managed devices, network-based security controls (example: Cisco Umbrella) will be limited when you are remote and not using the USC VPN.  Ensuring the university’s Cisco Umbrella Roaming Client is installed on your university owned and managed device will help to protect your system even when you are off the network.  This client provides protections from malware, fraudulent websites, new domains, and communications with compromised systems.  Of course, nothing beats being cautious of the websites you visit and the applications you install on your devices.

  • Public WIFIAvoid connecting to other untrusted networks or public wireless access points.  These networks can be compromised or used by hackers to monitor and access your internet traffic (email, websites access, credentials used, payment information sent).

  • Sharing DevicesUniversity devices should only be accessed and used by authorized USC faculty, staff or students. Avoid letting family or other individuals use your university device.  Lock your system or turn it off when you need to step away to prevent access from other individuals, such as children or other family members.

Quick Links

Additional Resources

Challenge the conventional. Create the exceptional. No Limits.