Employee guidelines when using a personal computer to conduct university business
East Carolina University considers cyber threats to the confidentiality, integrity and availability of systems and data to be a top risk management concern.
The university recognizes that employee use of personally-owned computers and devices to conduct official university business is a particular concern. This IT knowledge base article should help safeguard university systems and data by providing appropriate and necessary guidance to faculty and staff using a personal computer or other device for work.
Antivirus and malware protection
At the top of the security essentials list is antivirus and malware protection.
All Windows computers have a built-in antivirus program called Windows Defender. If there are no other antivirus apps installed, Windows Defender automatically starts protecting your computer and also provides other security safeguards including firewall protection. To check that your system is protected, see the related article, Check Windows Defender.
Mac computers have built-in antivirus and anti-malware functionality through XProtect.
Email Security
If your ECU email is set up on your personal computer, please be cognizant of essential security best practices. The majority of data breaches have their origin with phishing attacks delivered through email. 
However, ECU has implemented the Microsoft Quarantine filter that removes most phishing emails BEFORE they are delivered to your inbox. When this happens, you receive a report to ensure that legitimate emails are not quarantined. See the Related Articles section of this page for links to further phishing prevention information.
It can sometimes be difficult to determine if an email link is legitimate or a trick luring us to malware infection, data loss or identity theft. To help make the correct call on links we receive through email, ITCS has enabled Safe Links for email. The related article, Safe Links Service and Email, describes this security feature and explains how Safe Links work to help us better determine if an email may be legitimate or potentially malicious.
Encrypt Sensitive Information!
Encryption is required for any email containing sensitive information sent to recipients outside the ECU network. Encryption disguises a message’s text and prevents a hacker from intercepting and reading a message during transit. See the related article, Email Encryption, and learn how to encrypt an email as well as read an encrypted email.
While we, as individual employees, are responsible for our email account and for making appropriate decisions about when to encrypt an email, ECU has enabled the Data Loss Prevention (DLP) program to scan outgoing email for certain “markers” and then take appropriate action. For example, DLP may flag numbers formatted like a social security number. Unencrypted messages sent outside the ECU network that trigger high sensitivity markers are automatically encrypted and delivered, and senders are reminded of the encryption policy through an email. See the Data Loss Prevention related article to learn more.
Safeguarding your computer account and university systems and data
As defined in the University Student and Employee Computer Use Regulation (East Carolina University, 2016), we are all required to take reasonable precautions to safeguard our ECU computer account and treat computing resources and electronic information as a valuable university resource. Our efforts with such safeguarding may require even more due diligence and thoughtfulness when using a personally-owned computer to conduct university business. Such computers may be used in a home or other environment in close proximity to others, and the computers may be shared by other family members.
Please use good judgment, lock your screen when away from your computer and be sure to log out of applications and data storage when finished working.
Mobile computing security
The ECU Mobile Computing Regulation (East Carolina University, 2019) defines employee responsibilities pertaining to the use of mobile devices, including authorization to access or store sensitive information on mobile devices, device security, device replacement and disposal, and loss or theft of a covered device. Personally-owned devices are also included as "covered devices," and the regulation states that employees will ensure all sensitive university information stored on covered devices is encrypted, and that covered devices must be secured in accordance with ECU policies and standards.
For personally-owned devices, the regulation reminds administrative heads and supervisors of their responsibilities to provide guidance to employees concerning the use of mobile devices in conducting university business.
Keeping your computer software up-to-date
New software vulnerabilities are continually emerging, whether associated with your computer's operating system or the applications you use.
The Cybersecurity & Infrastructure Security Agency (2019) emphasizes that the best defense against attackers exploiting vulnerabilities is simple: keep your software up to date!
Regularly running software updates, including patches that address security vulnerabilities, is critical for protecting your computer, devices and data. Enabling Automatic Updates is a best practice whenever possible and this is easily configurable whether you’re using a Windows PC or a Mac (Apple, 2020; Microsoft, 2020).
On the flip side, perhaps one of the worst things you can do is use obsolete, end-of-life software that is no longer supported by the vendor.
Be sure not to forget the importance of keeping your web browsers and mobile devices updated as well. Web browsers are particularly vulnerable, and the sites you visit could potentially exploit flaws in them (National Cyber Security Centre, 2020). Many users run a large number of apps on their mobile devices, and to prevent known vulnerabilities from being exploited, it’s important that you ensure your mobile device’s operating system and software are kept up-to-date.
Information security while teleworking
A separate but related Knowledge Base Article covers guidance on important topics related to security best practices while teleworking. Please refer to the article Information Security While Teleworking for tips on such matters as connecting to the ECU VPN, approved data storage, and the security of your home network.
References
Apple. (2020, July 31). How to update the software on your Mac. Apple Support. https://support.apple.com/en-us/HT201541
Cybersecurity & Infrastructure Security Agency. (2019, November 19). Understanding patches and software updates. National Cyber Awareness System. https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates
East Carolina University. (2019, November 18). Mobile computing regulation. University Policy Manual. https://policy.ecu.edu/080512/
East Carolina University. (2016, December 16). University student and employee computer use regulation. University Policy Manual. https://policy.ecu.edu/080504/
ITCS. (2020, July 23). Check Windows Defender. Knowledge Base. https://ecu.teamdynamixpreview.com/TDClient/1409/Portal/KB/ArticleDet?ID=67563
ITCS. (2020, July 6). Data loss prevention for email. Knowledge Base. https://ecu.teamdynamixpreview.com/TDClient/1409/Portal/KB/ArticleDet?ID=67359
ITCS. (2020, April 22). Email encryption. Knowledge Base. https://ecu.teamdynamixpreview.com/TDClient/1409/Portal/KB/ArticleDet?ID=67353
ITCS. (2019, October 22). Phishing email. Knowledge Base. https://ecu.teamdynamixpreview.com/TDClient/1409/Portal/KB/ArticleDet?ID=67368
ITCS. (2020, November 20). Safe links service and email security. Knowledge Base. https://ecu.teamdynamixpreview.com/TDClient/1409/Portal/KB/ArticleDet?ID=67587