Cybersecurity and remote work
Information security
University Systems offers a number of services and recommendations to maximize the confidentiality, integrity and availability of your data when working remotely.
Do not hesitate to ask your Desktop Support Services person or the Computer Help Desk if you have security related questions when working at home.
Securing your computer
Computer equipment used in remote locations will be UVic standard computers available through the Technology Solutions Centre that are managed by appropriate UVic personnel (e.g. University Systems Desktop Support Services) and utilize the UVic Virtual Private Network (VPN) service at all times. UVic-supplied computers will include all required peripherals, e.g. monitors, keyboard, mice. If an employee wishes to supply their own peripherals, the supervisor must approve the connection of personal peripherals to UVic computers based on advice from University Systems or their IT support personnel. Note that the university will not provide any support for personal peripherals. Printers and toner will not be provided as any printing should be done on campus.
- Equipment supplied by UVic will be maintained by the university in alignment with UVic's information security standards and subject to all applicable rules, policies, and practices related to the use of equipment. Employees must take reasonable steps to protect any university property from theft, damage, or misuse.
- While UVic’s Acceptable Use Policy (IM7200) allows “incidental personal use” of university information resource, university computers supplied for remote work are not meant to replace personal computers.
Securing your home network
Your remote workplace must be equipped with internet connectivity that functions consistently with sufficient bandwidth so that the employee can work effectively and meet the expectations of the role.
- To improve the security of your home network, ensure that you change the password of any default accounts on your router, access point or other in home networking devices. Default passwords are published publicly and can be used to maliciously access your home network. University Systems recommends you limit who can change or affect your network settings to 1 or 2 family members responsible for those devices. Use unique passwords for all of these devices and your accounts, especially for your administration or configuration accounts.
- Ensure that only your family and trusted visitors can access your network. Require a password to connect and potentially have a separate wireless network for visitors or guests.
- Update your home router or wireless access points with the latest firmware and security patches regularly. Please refer to your Internet Service Provider or wireless device vendor's website for information on how to apply the latest firmware and security patches to your devices.
- Configure your home router to use the CIRA Canadian Shield to provide additional malware and phishing protection on your home network. Guides are included with your Internet Service Provider's website or your wireless device vendor's website.
Securing your accounts and information
University Systems recommends the use of strong passphrases that are not re-used or shared with any other service. We have published tips for creating secure passphrases and have recently enhanced the passphrase complexity options available for your NetLink passphrase: NetLink passphrases can now be 12 to 128 characters in length and contain all special characters.
- To manage your passphrases, consider using a password manager to help secure all your accounts and passphrases in an encrypted vault/database.
- To provide additional protection for your accounts, enable multi-factor authentication if it is available or offered. A smartphone-based authenticator app or physical authentication tolken are preferred over SMS-based multi-factor authentication.
- Keep 1-2 backups of any data that is important to you. Use UVic resources for backing up UVic data.
- You may be targeted by phishing scams designed to trick you into releasing information about yourself, releasing information about your accounts, or installing malicious software on your computer. Learn how to protect yourself against phishing scams in our phishing awareness training course and check out samples of phishing and malicious emails that the UVic Information Security Office has analyzed at our Phish Bowl blog.
For more information on how to protect your accounts and information, refer to UVic's privacy, information security, and records management training.
Do not hesitate to ask your Desktop Support Services person or the Computer Help Desk if you have security related questions when working at home.
Related university policies
Additional cybersecurity and remote work resources
- UVic remote work resources
- Virtual Private Network (VPN)
- Zoom Video Conferencing Service
- Microsoft 365 and Teams
- Video conferencing
- Departmental file shares
- Personal home file storage
- Connect (SharePoint 2013)
- Online Academic Community (OAC)
- Web hosting for faculty and staff
- InsideIT Blog post: Zoom and Teams, which is right for you?
- Government of Canada's cyber hygiene bulletin
- Get Cyber Safe - Cyber security in COVID-19: How to set up a cyber secure home office