Be Secure

IT SECURITY GUIDANCE FOR REMOTE WORK

 

University employees have the ability, in many cases, to access the University’s information systems from computing devices and locations other than their regular workspace and outside of the University’s network.

Remote access puts systems at higher risk for attacks and unauthorized access because if the system is accessible to employees/faculty and students from outside of the University’s network, it is also accessible to hackers and criminals. This translates to an increased likelihood that University information could be impacted from a confidentiality, integrity, or availability perspective. Additional precautions should be taken by employees when working remotely.

Security Measures

If you access University information systems remotely from a non-CSUDH device, the Information Security Office encourages you to consider the following:

  • Use anti-virus/anti-malware software and configure it to automatically update.
  • Configure your operating system and applications to  apply automatic updates (e.g., Microsoft updates or Mac updates).
  • Don’t use the “remember my password” feature when accessing University information on a shared device.
  • Download free antivirus below, or email ISO@csudh.edu to request campus enterprise antivirus. (For Mac and windows)

Windows 10: Malwarebytes

Mac OS:  Bitdefender

Follow these security tips when using CSUDH devices:

  • Don’t share or re-use passwords used to access University information and systems.
  • Protect passwords used to access University information.
  • Consider using a password manager. 
  • Use encryption whenever possible when storing University information on portable devices.
  • Use anti-virus/anti-malware software to scan portable storage devices, e.g., USB drives or external hard drives when you first plug them in.
  • You should not consider your online activity to be private when using public Wi-Fi networks.
    • Use VPN software to protect your communications when you connect to public Wi-Fi networks.
  • Use eduroam to connect to Wi-Fi if visiting participating campuses and institutions worldwide. Connect using your CSUDH credentials.
  • If a device containing University information is lost, stolen, or compromised report the incident to the appropriate delegated authority. Please send an email to ISO@csudh.edu
  • Email Security – Do not send Level 1 information (confidential data) in an email message and be on alert for phishing scams. Report any suspicious emails to ISO@csudh.edu.

Securing Zoom Meetings

It is important to consider the security implications of the Zoom meetings that you set up. Participants may share sensitive data and if you are recording the meetings, the data will be stored. Preventing uninvited guests from joining and sharing the recording via Dropbox will help keep your meeting secure.

Participants

It is very important to make sure that we are properly accounting for the participants in our meeting. If, despite these precautions, someone shows up in your meeting that you don't know, you should take it seriously, because it's possible that these incidents may constitute a phishing attempt to obtain confidential information or access to CSUDH services. 

Recordings

If you set up a video meeting, it is important to secure the recording, especially if employee and/or student health data is involved or non-CSUDH participants are attending your meetings.

HOW TO SECURE YOUR MEETING PASSWORDS

We strongly recommend that you set a strong password for all meetings and webinars.

While scheduling a meeting, under Meeting Options, check Require Meeting Password, then specify a strong password.

 Make your password at least eight characters long and use at least three of the following types of characters:

  1. lowercase letters
  2. uppercase letters
  3. numbers
  4. symbols

Before joining your meeting, participants will be asked to enter this password.

DISABLE "JOIN BEFORE HOST"

If you are scheduling a meeting where sensitive information will be discussed, we recommend leaving Enable join before host (found in the Meeting Options section while scheduling a meeting) turned OFF. See Zoom's Join Before Host help page for more information.

The join before host option can be convenient for allowing others to continue with a meeting if you are not available to start the meeting. However, if this option is enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting.

As an alternative, we recommend assigning an Alternative Host prior to leaving the meeting.

  1. Click on Manage Participants in the meeting controls at the bottom of the Zoom window.
  2. Hover over the name of the participant who is going to be a co-host, and choose More.
  3. Click Make Co-Host.

It is still possible for a meeting to start with you (the host) even with Join Before Host disabled. If you have given someone Scheduling Privilege (which allows them to schedule meetings on your behalf), when that person joins a meeting before you, the meeting will start, and they will be made the host. This is typically not a problem, as our recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

SECURITY CONSIDERATIONS FOR SCHEDULING ZOOM MEETINGS WITH OUTLOOK

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password.

  • If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the password to anyone who views your calendar.
    • We recommend making the calendar entry private or editing the entry to remove the Zoom meeting password.
REMOVE A PARTICIPANT FROM A ZOOM MEETING OR WEBINAR

If you have already begun a session and find an unwanted attendee has joined:

  1. If the Participants panel is not visible, select Manage Participants at the bottom of the Zoom window.
  2. Next to the person you want to remove, select More.
  3. From the list that appears, select Remove.
LOCK YOUR SESSION

The Zoom Host Controls allow the host or co-host to lock the meeting.

Once all your attendees have joined:

  1. If the Participants panel is not visible, select Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, select More.
  3. From the list that appears, select Lock Meeting.
    1. Unlock the meeting following these same steps.

Important: When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so it's best not to lock the meeting until everyone has joined.

POST MEETING SECURITY

If a meeting is recorded, the recording is located on the host’s local machine. Please be aware of the content and have all participants permissions in place before posting the meeting to a public site. We recommend securing and sharing the recording using Dropbox.

Get Help

In-Person

Library C-108

Monday - Friday
8 AM - 6 PM

Phone

(310) 243-2500

Monday - Friday
8 AM - 6 PM