Remote Learning Security Guidelines
Things you should do to secure your accounts and information while learning remotely:
- Enable two-factor authentication for your LakerApps account and other personal accounts. This includes accounts for streaming services, gaming platforms, and social media. For additional information about two-factor authentication, please visit the Two-Factor Authentication section of the CTS Cybersecurity site.
- Be extra vigilant about phishing emails and links. Scammers are already taking advantage of the COVID-19 pandemic to create phishing scams to exploit people’s fears and the need for updated news. For additional information about how to spot phishing emails, and what to do with them, please visit the Phishing section of the CTS Cybersecurity site.
- When communicating via email with SUNY Oswego faculty, staff, or classmates, use your official SUNY Oswego LakerApps account.
- Log out of all web services and websites, and close all browsers at the end of the workday.
- Use unique passwords for all your accounts. Consider using a password manager if you have difficulty remembering unique passwords. For more information about password manager applications, please visit the Password Manager section of the CTS Cybersecurity site.
- Back up your data. If you primarily work out of your Oswego Google Drive or other cloud storage platform, your data is safe from device failure. However, you may want to consider an alternate method, such as periodic backups to external media kept offline, to protect highly sensitive data, or to protect against ransomware.
Things you should do to protect your device:
-
Update the operating system and applications on your device to the latest available versions. Note that Windows 7, Mac OSX 10.12.x, and earlier operating systems are no longer receiving security updates, so consider upgrading them to a supported version as soon as possible. Be sure to update Chromebooks, iPads, smartphones and other devices as well, if you are using them to complete coursework.
-
Install an antivirus program, keep it updated, and run daily scans. Sophos Home is available for free. Cylance Home is available for a fee. Antivirus apps are commonly available for smartphones and tablets as well.
-
Remove any unnecessary programs and applications from the device. This includes browser extensions and remote access applications. Your device will run faster and more securely with fewer programs installed.
-
Review the app permissions for any apps installed on smartphones and other mobile devices. Revoke permissions that are not needed, or uninstall the app outright if it requests excessive permissions.
-
Ensure your personal wifi network is configured to use WPA2 or WPA3, and is secured with a strong password.
-
Disable all wireless connections (wifi, NFC, Bluetooth) when not in use, even at home.
-
Use a webcam cover or otherwise physically block your device webcam when not in use. Likewise, familiarize yourself with how to mute and unmute your microphone.
-
Ensure your computer’s firewall is on at all times, even at home.
-
Learn how to lock and unlock your computer so that you can prevent unwanted use of your computer or device by anyone in close proximity.
-
If you must share a computer, make sure that each individual person has their own, non-administrator account on the computer, and enforce separation. If you need assistance creating a user account with limited privileges, please contact the CTS Help Desk for assistance.
-
Be cautious when installing new applications, apps, or browser extensions. Research what you need first and check the reviews. If you aren’t paying anything for the app, then you and your data are likely being monetized - opt for paid versions if possible.
-
When using any new remote learning tools, familiarize yourself with the settings and features, so that you can configure your tools in a secure way. Default settings in some applications may be much less secure than expected.
Thing you should make sure not to do while learning remotely:
-
Connect to free/public/unsecured wifi. Unsecured wifi includes networks using WEP or WPA, those with no password, or those whose password is posted in public view.
-
Login to your laptop or computer with an account that has administrator permissions. It is easier to infect computers with malware, and more destructive once infected, if the user account logged into the computer has administrator privileges.
-
Use a personal email account to communicate with classmates and professors. The protections against phishing are more effective if you use your official LakerApps account.
-
Download apps from third party app sites or applications from “free” download sites such as Softopedia, CNET, etc. The apps may not be properly checked for the presence of malware, or may be bundled with bloatware. Apps that must be side-loaded should be avoided as well for the same reasons.