Best Practices - Working Remotely

laptop and coffee on a desk

Navigating Security Risks in Remote Work

Remote work offers flexibility and convenience, but it also presents unique cybersecurity challenges, such as exposure to unsecured networks and potential data breaches.

By understanding these risks, you can take proactive measures to protect your information and the University’s digital assets.

Common Risks

CategoryWhy It Matters
Unsecured Wi-Fi Networks
Public or home networks may lack strong security settings, making it easier for attackers to intercept communications or gain access to sensitive data.
Phishing Scams
Remote workers are frequent targets for phishing emails and social engineering attempts designed to steal login credentials or install malware.
Use of Personal Devices
Personal devices may not have up-to-date security patches, antivirus protection, or strong authentication, increasing vulnerability.
Weak Password Practices
Using simple or reused passwords can allow attackers to gain unauthorized access to work systems and sensitive information.
Unencrypted Communications
Sending sensitive data over unencrypted channels can result in data leakage or interception by malicious actors.
Inadequate Physical Security
Devices left unattended at home, in a vehicle, or in public places are at risk of theft or unauthorized access.

Best Practices

Secure Your Wi-Fi 

  • Use a strong, unique password for your home wireless network.
  • Enable WPA3 or the strongest encryption available.
  • Avoid using public Wi-Fi for work; if unavoidable, use a VPN.

Being Vigilant Against Phishing

  • Double-check the sender’s email address and be cautious with links and attachments from unknown sources.
  • Report suspicious emails to IT by using the "Report" phishing button in your Outlook toolbar, or forwarding to phishing@harvard.edu

Keep Devices and Software Updated 

  • Regularly install updates for your operating system, applications, and antivirus software.
  • Enable auto-updates when possible.
  • Updates are pushed to managed devices; ensure you run the installer when prompted.

Use Strong, Unique Passwords 

  • Create complex passwords using a mix of letters, numbers, and symbols.
  • Never reuse passwords; consider a reputable password manager, like 1Password.

Implement Multi-Factor Authentication (MFA) 

  • Enable MFA everywhere it is offered - this adds an extra layer of security to your accounts.

Encrypt Sensitive Data 

  • Use encrypted channels (like HTTPS and VPNs) to transmit sensitive information.
  • Store confidential files in approved, encrypted locations.

Secure Physical Access to Devices 

  • Lock your screen when stepping away from your device.
  • Store laptops and mobile devices in a secure location when not in use. If you must leave your device in your vehicle, be sure to lock it in your trunk, out of sight.
  • Avoid discussing confidential information in public spaces.

Back Up Work Regularly 

  • Store files to online collaboration tools rather than locally on your hard drive.

Report Lost or Stolen Equipment

  • Report all incidents as soon as possible.

Related Resources

Configure Your Personal Device Securely (HarvardKey required)

VPN (Virtual Private Network)

1Password Password Manager

Prevent Phishing (tips)

Shield Data (secure data handling)

Report an Incident