It’s Home Office Safety & Security Week! If you’re working from a home office or a public location some or all of the time, there are special cybersecurity considerations to keep in mind. Take an active role in keeping your data and the Pitt network safe with this five-point plan for making your living room as secure as an on-campus office, lab, or residence hall room.

A 5-Point Home Cybersecurity Plan

Here’s what you can do to help maintain the security of Pitt’s and your personal data, network, devices, and services:

1. Beware of Phishing

Hackers deploy increasingly sophisticated phishing schemes and other scams to try to trick you into giving them access to your and Pitt’s systems. Pitt IT monitors and intercepts many security risks, but they can’t monitor your home network or personal accounts. If the machine you use is compromised, that can impact the entire University. You are the best defense against phishing and other scams. Know the warning signs for identifying phishing scams:

• Hover over links to be sure they are actually from/going to the advertised destination.
• Be cautious of email addresses and URLs not from a known Pitt domain (i.e., pitt.edu).
• Navigate directly to a trusted site, rather than clicking a link in an email or on social media.
• Be wary of urgent messages requiring immediate action via a provided link.
• Remember that misspellings, bad grammar, or vague language with no names are red flags.

2. Keep Software, Operating Systems, and Browsers Up to Date

Departmental and Pitt IT staff can’t apply Microsoft and other security patches and updates onto your home machine. But these updates are really important for slamming the door on vulnerabilities as they become known. So you need to take that ball and run with it.

• Keep your operating system up to date and never use a version that is no longer supported by the vendor (Windows 8.1 or older / iOS 15 or older). Microsoft will end service for Windows 10 in October 2025 and Apple will stop support for iOS 16 in September 2025, so you should install Windows 11 or iOS 18 as soon as possible. 
• Keep your software current. If you log into an app and it tells you that an update is available, install it! If you download cloud-based software onto your machine (e.g., Microsoft 365 applications), you’ll likely need to load updates manually.
• Ensure your web browser is up to date. Regular updates enhance both efficiency and security, keeping your browser optimized and secure. Enable automatic updates in your settings and consider restarting your browser daily. (To retain your open tabs after restarting, simply activate the setting to reopen previous tabs upon launching your browser.)
• Install the most current antivirus protection on your University-owned devices as well as any personal device you use for work purposes.

3. Ensure Your Home Wi-Fi Network Is Secure

Make sure you lock out anyone who shouldn’t have access to your internet service. Your home Wi-Fi network should be secured using a strong password that includes upper- and lower-case letters, numbers, and special characters. Pitt IT recommends changing your home Wi-Fi password every six months.

Restrict access to your home network by sharing the primary password with household members only. Utilize the guest network feature offered by most Internet Service Providers (ISPs) to provide internet access to visitors. This helps in safeguarding your personal data while still offering connectivity to guests.

4. Use PittNet VPN—But Only When Necessary

PittNet VPN (GlobalProtect) works with the University's network to check the identity of each user to be sure they are authorized to use our computing resources. Your temptation might be to use it whenever you’re logging into a Pitt service. But that isn’t necessary when you’re accessing a resource protected by Pitt Passport and Duo MFA, such as Microsoft 365, OneDrive cloud storage, Pitt email and calendar, Canvas, PeopleSoft/HighPoint CX, Virtual Computing Lab, and most other cloud-based services.

PittNet VPN is only necessary when accessing a departmental workstation, restricted server, or other resource directly connected to the University network, such as computers that connect with a cable to the wired network on the Pittsburgh campus.

5. Be Careful What You Store on Your Home Computer

Don’t save or copy confidential or sensitive University information to your home computer. This includes any personally identifiable information about Pitt faculty and staff, students, research participants, colleagues, etc. It also applies to proprietary and copyright-protected data.

Instead, keep all that data stored on University systems or in approved Pitt cloud storage services, such as your OneDrive account. Passwords can be stored in Pitt Password Manager (LastPass), where you can access them from any device with the master password.

You Are the Best Line of Defense for Cybersecurity

Cybersecurity is all of our responsibility, whether we are working and learning from home or on campus. To keep devices and systems running smoothly and to protect the confidentiality of University and personal data, you need to be a vigilant gatekeeper and take charge of cybersecurity.

-- By Karen Beaudway, Pitt IT Blogger