Telecommuting, Mobile and Travel Safety Guidance

Telecommuting, Mobile and Travel: Technical Security Tips

ASU’s community is increasingly global and mobile.  Now as more of us are temporarily working from home more than ever before, here are some tips to help ensure we protect ASU’s information assets as well as our technology infrastructure. 

Security 101 - The Basics

• Using ASU issued electronic devices helps ensure that appropriate security measures are in place

• Ensure all of your electronic devices including laptops, desktops, tablets and phones leverage basic security controls including encryption. 

• Ensure all of your devices are current on software patches and set to auto-update.

• Remove unnecessary sensitive data from your electronic devices, phone and backup storage devices including USB or thumb drives.   

• Ensure two-factor authentication is enabled on all of the accounts you use to access ASU systems or services.

• Remember that cellular connections are generally considered more secure than public guest Wi-Fi access

• Contact your local deskside team or the ASU Experience Center for additional information at 1-855-278-5080 or chat directly 24/7/365.  Additionally, students can visit the Tech Studios on campus for assistance.

Telecommuting Guidance

If you are telecommuting, please review the Telecommuting guidelines and considerations from the Business and Finance Office for detailed guidance.

Telecommuting Security Guidance

• Ensure your ASU provided electronic devices are either with you or locked in a secure location at all times, ensuring these devices are only used by you.

• Connect only via a secure and encrypted internet connection using a VPN such as the  ASU Cisco AnyConnect VPN service ASU VPN (https://sslvpn.asu.edu/2fa) or the ASU full- tunnel version at (https://sslvpn.asu.edu/tunnel)

• Ensure your home network is properly secured and requires passcode at a minimum to access. Configure factory-set administrator user accounts within your home network to ensure appropriate security including that all default passwords are changed.

• If your ASU device or personal device that contains work data such as your phone is lost or stolen, immediately report it to the ASU Information Security Office at infosec@asu.edu or the ASU Experience Center at 1-855-278-5080

Additional Telecommuting Resources

• CISA Telework Guidance

Mobile Device Security Guidance

• Lock your device by configuring a passcode or enable biometrics in order to use the device. This helps prevent unauthorized individuals from gaining access to your data.

• Enable encryption on your mobile devices, and ensure that they are configured to encrypt storage with hardware encryption. 

• Enroll your device in a “Find my device” service , such as Find My iPhone or Find My Device on Android. These services allow location tracking and remote data recovery/wipe. 

• Use caution before responding directly to unsolicited phone calls, emails or text messages, they may be scams.

• Set an idle timeout that automatically locks the device when not in use. 15 minutes or less is recommended.

• Keep all software up-to-date, including the operating system and installed "Apps." This helps protect the device from attack and compromise.

• Properly configure the location and security settings on your device and applicable applications.

• Scrutinize permissions requested by any of your phone’s apps.  Be careful in accepting requests for personal or device information, including access to your location, your contact lists, or your camera roll.

• Consider labeling your device with your name and a phone number where you can be reached to make it easy to return if lost.

• Ensure regular backups since mobile devices often have a greater risk of loss, theft, damage, or hardware failure. 

Additional mobile security resources

• Android Security Settings

• Apple Security Updates

• Apple 2FA ID

Travel Security Guidance

• Keep your electronic devices with you as much as is possible.  If you cannot keep your devices with you during travel, ensure they are turned off while stowed in your luggage or locked facility. Pack internet cards, USB drives and other devices separate from your encrypted devices.

• Connect only via a secure and encrypted internet connection using a VPN such as the  ASU Cisco AnyConnect VPN service  (https://sslvpn.asu.edu/2fa) or the ASU full-tunnel version (https://sslvpn.asu.edu/tunnel).

• Remember a guest or public Wi-Fi at a restaurant, conference or hotel has many users with varying degrees of device security. It is a good idea to postpone accessing ASU systems unless you are using the ASU VPN service.

• Confirmation is key for WiFi connections. Anyone can set up a Wi-Fi network ID and broadcast it. Instead of assuming the name of the guest Wi-Fi you are trying to access is the right one, contact someone working in the restaurant, hotel, coffee shop, etc. to confirm the name of the Wi-Fi network they are offering.

• Cellular connections are considered more secure than Wi-Fi access. Many mobile cell services offer mobile hotspot functionality. Mobile hotspot means you use your phone or a mobile carrier's device to access the Internet. This method bypasses both the public Wi-Fi and hotel Internet all together. A better alternative for sensitive information (e.g. personal banking).

• Review your electronic device settings.  Macs and PCs have some file sharing options that assume you are on a trusted network, with other trusted computers. If you are connecting to a network that isn’t your work or your home, turn off file sharing in the MacOS and Windows, while also enabling your system’s built-in firewalls. In these situations, keep your Internet-connected apps and services open to a minimum.

• Be wary of shoulder-surfing - someone who might be nearby that could be looking over your shoulder at your screen - consider using a screen shield or privacy guard.

• For travel to security sensitive locations, consider whether it makes sense to take any electronic devices and if needed an ASU loaner or alternate device(s), including laptop and phone. These loaners will be wiped clean upon return.

• If your laptop is lost or stolen, immediately report the loss or theft to the ASU Information Security Office at infosec@asu.edu or the ASU Experience Center at 1-855-278-5080

Additional travel security resources  

• FBI Safety & Security Travel Abroad Guidance (PDF)

• How to manage cybersecurity risks of international travel

Data Security Guidance 

ASU personnel handle many kinds of sensitive information, much of it subject to privacy laws and other regulations. This information may reside on ASU-managed network servers, on third-party "cloud" systems, or even sometimes on local disks, portable devices, or removable media. Wherever it resides, and wherever we are at the time, it's everyone's responsibility to keep this information secure and confidential.

ASU's Sensitive Data Handling standard outlines roles, responsibilities, and appropriate methods for securing and storing sensitive information. The standard includes an appendix with detailed examples of information considered sensitive; the list, while not exhaustive, will give you a basis for evaluating the sensitivity of data. 

Below are some things that everyone who works at ASU should do to protect information.

Smart phones, tablets, laptops, flash drives, and mp3 players are all mobile devices that can store large amounts of data and are highly portable. They are easy to steal or lose, and unless precautions are taken, an unauthorized person can gain access to the information stored on them or accessed through them. Even if not stolen or lost, intruders can sometimes gain all the access they need if the device is left alone and unprotected, if data is transmitting information via a wireless network, or if malware is installed. The results can include crippled devices, personal data loss, and more.

Portable Storage Devices Security Guidance

• Ensure only ASU issued Portable Storage Devices (e.g. USB memory sticks, external hard drives) are used.

• All ASU issued storage devices must be encrypted.

• Ensure a username/password is enabled to access the data/device.

• Avoid using free storage devices and cables. Be especially wary of items you may find in the hallway or a parking lot. 

Additional Technical Security Resources

• CFO Telecommuting Guidelines & Resources

• ASU Data Handling Standard

• Additional guidance on Mobile and Travel security

• Securing your Home Network

• Remote Teaching & Learning at ASU

Contact Us

Contact the ASU Experience Center online or call 1-855-ASU-5080.

To report a security event email the ASU Information Security Office at infosec@asu.edu