SUNY Downstate Health Sciences University
Tips for Working Remotely: Security and Privacy of Information
Cyber Security & Cyber Scams
Here is a list of the increased malicious activities and scams you should be aware of during the COVID-19 Pandemic:
- Phishing emails or texts from entities posing as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC). Don’t click emails claiming to be from experts saying they have information about the virus.
- Malware inserted in mobile apps designed to track the spread of COVID-19 that can steal information stored on devices
- Malicious COVID-19 websites and apps that can gain and lock access to devices until a ransom payment is made
- Beware of solicitations for donations to fake charities or crowdfunding sites. Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
- Ignore online offers for vaccinations. Once a vaccination is available, you will be hearing about it from your local healthcare providers and major media outlets.
- Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result.
- Beware of fake government economic stimulus checks. Do not reveal personal or financial information in email and do not respond to email solicitations for this information.
Basic Security Safeguards
- Don’t click on links from sources you don’t know.
- Make sure the anti-malware and anti-virus software on your computer is up to date.
- Strong, unique passwords – Create strong passwords by using passphrases or numbers, letters and symbols. Do not share them with others. Don’t use the same passwords for all of your accounts.
- Watch your personal information – Do not share any personal information including social security number, credit card or banking information unless you know it is a confirmed, secure source.
- Lookout for red flags – Don’t click on anything without first checking for Social Engineering Red Flags.
- Stay secure at work and home – Here are 8 cyber-defense best practices for securing your digital systems and data.
- Use secure Wi-Fi – Trust only known and secure Wi-Fi connections. Do not use open (unsecure) WI-FI for working remotely.
- Ensure mobile security – Do not respond to voicemails or calls asking for your financial info and do not trust text messages that attempt to get you to reveal your personal information.
- Email/ Transmission – Do not transmit confidential information from work e-mail to personal e-mail addresses or text messaging services (e.g. icloud.com, aol.com, yahoo.com or g-mail.com).
- Secure storage – Under no circumstance may official data or information be transferred to or stored on any personal devices. Always save files to OneDrive rather than to your local hard drive. Do not copy, remove or download confidential information offsite unless authorized by your supervisor and properly encrypted, including USB drives and portable devices.
Basic Privacy Safeguards
- Do not communicate confidential information where others can listen.
- Ensure confidential documents are appropriately shredded.
- Log off and secure any computer being utilized to conduct official business when not in use.
- Unauthorized access to or disclosure of information must be immediately reported to your immediate supervisor or via the Compliance Line at 877-349-SUNY.
- Take appropriate action to protect items from damage or theft. Loss or theft of equipment must immediately be reported to the supervisor.
- Internet Security When You Work From Home
Use this 15-minute online training course to help your users understand the challenges when preparing to work remote and train them on best practices for implementing a secure office environment while working from home.