Security Basics – Working from Home

As we shift to remote learning and as staff members of the university community begin working from home, it is important to remember that handling UMass Lowell data outside of our typical workspaces presents unique challenges. Taking a few additional security precautions when working remotely can help to keep UMass Lowell’s valuable information secure.

Basic steps you can take to enhance security at home:

  1. Watch for phishing attempts. UMass Lowell remains a high-value target for cyber criminals, especially during times of uncertainty. Be especially wary of emails that attempt to get you to share your password as a requirement for working remotely. Attackers will often try to exploit an existing relationship by posing as a person you know or trust (such as a colleague or supervisor) and by creating a sense of urgency. If you suspect an email is a phishing attempt, please forward the email as an attachment to
  2. Keep work data on your work computer. It is always preferable to conduct university business on university-owned devices, but the University recognizes that this approach may not always be possible. If you must conduct university business on your personal device, do not store UMass Lowell data on that device.  If you have copied university data to usb drives for any reason, it is recommended you encrypt the usb drive.  On windows, you can use “BitLocker to Go”.  As a reminder, if you no longer need the data, you should delete the files. Additionally, please don’t email sensitive files from your university account to your personal email account as it is against the University’s Email Usage Policy. 
  3. Do not access information classified as “Restricted” or “Confidential”) under the University Data Classification Policy, IT-5-106, on your personally owned device. University-owned information assets are equipped with secure perimeters including Wi-Fi, VPN, encrypted drives, anti-virus, end-point protection, and active monitoring while on the UML network. Personal (non-university owned) devices do not have this level of security and pose a higher level of risk.
  4. Adequately protect your system. This includes activating and/or enabling anti-virus software, regularly updating your operating system, and enabling the firewall on your operating system.
  5. Avoid public Wi-Fi. If necessary, use a personal hotspot. Public Wi-Fi can introduce significant security risks and should only be used if absolutely necessary.
  6. Always keep your device with you. Never leave your device or laptop in your car unattended, and make sure your screen can’t be seen by those around you. Password protect your device, not just your Access Account.
  7. Only use UMass Lowell-approved video conferencing applications such as Zoom, Skype for Business, and Microsoft Teams.
  8. Do not sync UMass Lowell data/files to personally owned devices such as Box Sync or Dropbox. Rather, use the university’s branded OneDrive or Dropbox.
  9. When necessary, use the university’s Virtual Private Network (VPN) software to create a secure connection from your device to UMass Lowell. This helps to protect UMass Lowell’s data and keeps you safe in the event you have to use public Wi-Fi or connect from your home network to access a remote file. You can download this software (Pulse Secure) on your personal and university-owned devices by visiting
Finally, cybercriminals generally tailor email and web-related scams to current topics and trends. With news headlines dominated by information related to pandemics, coronavirus, and COVID-19, the UMass Lowell community should stay vigilant for scams centering on these subjects. Be cautious and take basic online safety precautions when seeking information regarding COVID-19, including:
  • Avoid clicking links in unsolicited email and do not open e-mail attachments from senders you do not recognize
  • Never give out personal financial information through e-mail
  • Use legitimate websites as sources of information regarding COVID-19

Remember, legitimate services and sites including UMass Lowell never have a reason for you to send them your password.