This guideline provides you helpful information when working off-campus. This information will help you protect your personal information and Yale data.
These guidelines apply to any Yale-owned or personal device used to access university resources.
You are the best defense
Technology alone cannot fully protect you—you are the best defense. Attackers know that the easiest way to get what they want is to target you. If they want your password, data, or control of your computer, they’ll attempt to trick you into giving it to them.
They may call and pretend to be Microsoft technical support and claim that your computer has a virus. Or, they may send you an email warning that a package is undeliverable. This may mislead you into clicking on a malicious link that downloads malware to your computer. It may allow access to your information and put you at risk.
Common indicators of cyberattacks include
- Creating a sense of urgency, often through fear or intimidation.
- Pressure to bypass security procedures, or an offer too good to be true—no, you did not win the lottery!
- A message from a friend or co-worker in which the signature, tone of voice, or wording does not sound like them.
Be vigilant and aware
Secure your home network
Almost every home network starts with a wireless network, often called Wi-Fi. This is what enables all your devices to connect to the Internet. Securing your wireless network is a key part of protecting your home.
How to secure your home network
- Change the default administrator password. The administrator account allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer provides.
- Allow only people that you trust. Enable strong security so only people you trust can connect to your wireless network. Strong security requires a password for anyone to connect to your wireless network. It encrypts their activity once they connect.
- Make strong passwords. Make sure the passwords you use to connect to wireless are strong. This means at least 12 characters long with a mix of upper and lowercase letters and characters. You only need to enter the password once for each of your devices.
Not sure how to do these steps?
- Ask your Internet Service Provider or check their website.
- Check the documentation that came with your wireless access point.
- Refer to the vendor’s website.
Note: The ITS Help Desk won’t be able to assist with securing your home network.
Use Yale’s VPN
A Virtual Private Network (VPN) makes your Internet connection more secure. While most telework doesn't need Yale’s VPN, use whenever:
- You use an unsecured internet connection on your laptop, tablet, or mobile device. For example, a hotel or coffee shop on free wireless.
- Yale services or applications that need VPN (e.g.. TMS, MyTime).
- Yale’s VPN is a shared resource. If the Yale campus closes or more people work remotely, usage will be higher. Avoid using the Yale VPN unless required, to preserve capacity for all.
- For more information on Yale’s VPN, visit: Off Campus Access VPN: Connecting to VPN.
Stay up to date with the latest software
Cyber attackers look for new vulnerabilities in operating systems and software. These vulnerabilities are like unlocked doors to your device. Hackers use these open doors to gain unauthorized access to your data and devices. Updates address identified security vulnerabilities.
Please note: A Yale-managed device is the default option and must be used where workable. Please review University HIPAA Policy 5100.15. It contains requirements on personal computers and remote access within the covered entity.
To ensure the devices and software you use are up to date, you will need to:
- Ensure your computer is running a supported operating system
- For Windows: Windows 10
- For Macs: macOS 10.14 (Mojave)
- Install available updates to your applications, browsers, and browser extensions.
- Enable automatic updates (security patches) whenever possible on all devices. This includes your work and personal devices such as phones and tablets, internet-connected TVs, security cameras, and gaming consoles.
Run an updated anti-virus solution
Viruses, and other types of malware, can wreak havoc on a computer. They can slow down the computer, damage or delete files, cause computer crashes and data loss, and more. Anti-virus solutions protect against viruses and other cyber threats. Yale requires anti-virus software for all devices that access the Yale network. This includes accessing Yale data.
How can I get anti-virus?
Select a recommended anti-virus solution here.
What should I do if my device is infected?
If your device is infected, stop using the device and contact the ITS Help Desk at 203-432-9000.
Start full disk encryption
Encryption protects the data on your device from unauthorized access. Encryption scrambles data into unreadable code in the event the device is lost or stolen. If the disk is not encrypted, a bad actor could extract and use the unencrypted data.
How can I encrypt my device?
View the Desktop Encryption Guide for directions on how to encrypt the device.
Avoid saving data on personal devices or printing Yale data on a personal printer
To best protect Yale data, do not save Yale data on your device. Instead, save information in secure locations such as:
- Yale Secure Box. You can also use One Drive. Required for Yale high-risk data or sensitive information.
- Box at Yale or Eli Apps - easy file sharing and collaboration for moderate and low-risk data.
For a complete list of services available visit the Service Classification page. This site provides a list of applications by risk classification you can use to securely access, store, and share Yale data.
How do I know if I am working with high or moderate risk data?
Refer to the Data Classification Guideline to determine if you are working with high or moderate risk data. Review the services you can use to access, store, or send this data. You can also review Yale’s Data Classification Policy.
Do not print confidential or sensitive data from a personal or non-Yale printer. This means no high or moderate risk data.
Purge data from personal devices
If you store Yale data on your personal device while working remotely, delete it as soon as it is no longer needed.
When you return to campus, you will need to transfer the data to your Yale device. You must also delete it from your personal device.
Remember, you need to use an encrypted USB to transfer sensitive or confidential data. This means high or moderate risk data.
Non-encrypted USBs are not permitted. If you are unsure if the USB is encrypted, you should assume it’s not.
What are other ways to securely transfer my data?
How can I securely delete my data?
You can securely delete the data by erasing the data from both:
- Where it is stored on the device
- The recycle bin
Limit secondary use of Yale devices
On campus, you don’t have to worry about children or other family members using your Yale devices. Working from home is a whole other story.
Make sure your family and friends understand they cannot use your work devices. This avoids:
- Erasing or deleting data. Family members may close or delete important files before you can save and store it securely.
- Changing important information. Family members, specifically kids, may touch and change important documents. This compromises the integrity of your work.
- Infecting the device. Family members may want to download applications and games. This may introduce malware that disrupts or damages your device. Only download applications or software from a known, trusted source. This is true whether work-related or not.
Tips for ensuring friends and family do not access the device:
- Lock the device when you walk away.
- Protect your device with a strong password.
- Consider locking the door where your computer is set up to avoid unwanted access to the device.