Working, teaching, and learning away from the MIT campus poses risks to securing information. IS&T recommends that community members follow these best practices when engaging in activities remotely to help reduce the chance of the information and data you handle at MIT being compromised.
1. Protect your devices
Make sure you work with your department’s IT staff to implement the recommended protections for the risk level of the MIT data you have on your device. The tasks for low risk information can take as little as 15 minutes to complete! We also highly recommend that you use an Institute-owned and managed device for your work at MIT.
2. Protect your information
When exchanging high risk (i.e. regulated, sensitive or personal) information over email (e.g. birth certificates, applications to open accounts or secure loans), make sure to protect your documents and information with encryption through the use of applications such as VeraCrypt or Crypomator.
3. Secure your home WiFi
Make sure your home router’s firmware is up-to date, that you have changed the default password to something strong, and that you have enabled WPA2 encryption for your home WiFi network.
4. Practice safe video conferencing
Use MIT-approved and licensed enterprise video conferencing tools, such as Zoom, Microsoft Teams, or Webex, which offer protections for your security and privacy, and follow suggested best security practices. Be aware of others in your household when using such tools, including digital assistants, to protect confidential or proprietary information. In addition, remember to lock your screen when not using your computer.
5. Be aware of phishing
There has been an uptick in malicious attacks to take advantage of the COVID-19 pandemic. Be wary, in particular, of phishing attacks that pretend to be from the IT department and also of scams that try to trick you into making donations to fraudulent organizations or causes or revealing sensitive information. Protect yourself and your information by using caution when opening emails and attachments.
Additional information and support
For more guidance on how to protect MIT information, see the newly developed Data Classification framework on the Institute’s Information Protection website, including how to protect high risk data as well as the minimum recommended actions to protect low risk information.
Additional secure computing tips are available on the IS&T website.