CISA Releases Guide on Safe Teleworking Practices
With many federal employees now teleworking, working from home securely and safely is highly important. In response to both new and old cybersecurity risks, the Cybersecurity and Infrastructure Security Agency (CISA) released a guide to help individuals and organizations telework safely for the long term.
The guide is divided into three primary parts for bosses, security professionals, and everyday employees. The guide states, “An organization’s executive leaders, IT professionals, and teleworkers all have roles to play in the shift from temporary to long-term or permanent telework strategies.”
The following four focus areas are suggested for executive leaders:
Update organizational policies and procedures for a stronger cybersecurity infrastructure and communicate applicable changes to employees.
Implement cybersecurity training for employees to better prepare them for the cyber workspace.
Determine cybersecurity risks when moving organizational assets such as printing from home and using a personal computer. Include security configurations for all employees.
Create a hybrid culture of remote employees, on-premises employees, and both. Address the basics of cyber hygiene with employees.
The next six focus areas are suggested for IT professionals, who have a large responsibility when it comes to cybersecurity:
Update hardware and software to manage and assess vulnerability risks. Consider using automatic software updates.
Evaluate the current security architecture and ensure that it is properly protecting—and providing visibility into—remote sites and endpoints, including employees who may use public WiFi. Enforce multifactor authentication for employee remote access.
Use multifactor authentication.
Maintain a list of organizationally approved products for collaboration and ensure these are secure. Provide users guidance on these tools.
Perform frequent backups and reboots of the organization’s systems and important files, verify them regularly, and store them securely.
Implement a Domain-Based Message Authentication, Reporting and Conformance (DMARC) validation system to address increased risk of phishing and business email compromise while teleworking.
The final focus areas are suggested for remote employees:
Ensure your home network is properly configured and secure.
Follow secure practices and organizational policies for handling all sensitive data.
Exercise caution when opening email attachments and clicking links in email in case of phishing attacks or malware risks.
Report suspicious activity to your organization’s IT security team immediately. Know the procedures for doing so.
The CISA guide also includes specific resources that readers can access for additional information on any of the recommendations.
CISA explains on their website, “The Telework Essentials Toolkit is designed to assist business leaders, IT staff, and end users in their transition to a secure, permanent telework environment through simple, actionable recommendations.”
CISA has released various telework tools since the onset of the pandemic. On their website, they have a variety of resources that users can access, including a cybersecurity assessment, tips for cyber safety, detection and prevention, and cyber incident response.