Security Recommendations for Remote Work

computer at desk


The following guidelines should be referenced to help facilitate remote work securely for faculty and staff members. Circumstances may vary depending on technical requirements of the remote work and should be used in addition to any specific requirements defined by local management or IT units. 

The following basic security requirements meet UCLA’s Security Policy 401 on Campus Minimum Security Standards; These security standards consist of having up-to-date patches for the Operating Systems and Applications, running an up-to-date antivirus application, and turning on local firewall on the device to block unnecessary traffic. 

For more helpful resources and tools, please see the IT Services Working Remotely webpage.

 

  • Set Up Duo Multi-Factor Authentication (MFA) For a Secondary Device

  • Access to most UCLA resources requires multi-factor authentication. Follow the recommendations below to make sure you can access necessary work-related items with MFA verification. In order to connect to campus services remotely as well as most single sign-on systems, you are required to enroll in multi-factor authentication and set up a device to authenticate with.
     

    Due to changes in your normal connectivity routine, you might already have MFA enabled, but should ensure that a secondary device is enrolled to limit any issue accessing resources remotely.

    - To enroll or make changes to your MFA, visit the Multi-Authentication management webpage.

    - See Adding a New Device for Multi-Factor Authentication for more detailed instructions.

  • Forward Your Campus Number to Another Number

  • In case you need to answer calls coming in to your office phone, you can forward the campus calls to a secondary telephone. Please see the below instructions.

    If your desk phone has a “forward all feature”

    1. Select the Forward All button on phone device

    2. Dial the 8, 1 (Area Code) + (phone number)

    If your desk phone does not have a “forward all feature”

    1. Dial *42, wait for tone

    2. Dial the 8, 1 (Area Code) + (phone number)

    3. Wait for tone, then hang up

  • Avoid Using Public WI-FI

  • Insecure Wi-Fi introduces significant security risk and should be avoided if possible.

    If you need to access the internet from a public Wi-Fi location, or are connecting to campus remotely, use the campus VPN (or department specific VPN if available).

  • Access the Campus VPN if Needed

  • If you are off-campus, some applications require a VPN connection for access. You will be required to enroll in and authorize your login attempts using multi-factor authentication (MFA) to connect to the campus VPN. For additional information please see Authenticating Using Multi-Factor Authentication on the Campus VPN.

    Steps to download VPN clients

    1. See the knowledge base article Connecting to Campus VPN

    2. Identify and Select the VPN Client appropriate for your computer's operating system 

    3. Follow recommended steps to download and install the VPN client for your respective OS

    For general information about what VPN is, who has access, and when you should use it, please see When to Use the Campus VPN.

  • Keep Devices up to Date

  • Ensure your Devices are Current with Manufacturer Updates and Patches. Install and allow regular updates for any devices that you use for working remotely. For personal devices, follow your operating system manufacturer’s recommended settings to receive automatic updates.

  • Use an Antivirus to Protect All Your Work-Related Devices

  • It is equally important to ensure that your devices are using reliable, up-to-date antivirus protection.

  • Turn On Device Firewall

  • Turning on the device firewall can help filter unwanted traffic. Ask your local IT department for any guidance. See the following Google link on how to set up your Firewall for more information.

  • Keep Work Data on Work Computers

  • To ensure that sensitive data is not at risk, store work related data on work computers or use campus approved cloud storage options such as Box.

    In addition, by leveraging applications such as Office 365, you could work online and avoid downloading or synching files/emails to a personal device. Minimize the need to keep any work files on personal devices.

  • Encrypt Sensitive PII Data

  • Computers Storing Sensitive PII Data Must be Encrypted. This means before downloading any sensitive data into your device (laptop, desktop, etc.) the local disk must be encrypted using an industry standard encryption tool  (UC Policy 404). Contact your local IT department for guidance and encryption software.

  • Never Leave Your Laptops or Devices Unattended

  • This includes and is not limited to the car or publicly accessible areasFor any devices that will be used for work, be sure to limit the potential for theft and avoid leaving them in the car. Equally, storing these devices in the trunk does not reduce the risk of left.