Telework Tips to Help Organizations Grappling with WFH Life
The Cybersecurity & Infrastructure Security Agency has released a collection of tips and best practices to help companies and employees better secure the new extended network perimeter.
With America and much of the world poised to continue working from home for the foreseeable future, the U.S. government has issued guidelines on how to work securely while remote.
The Cybersecurity & Infrastructure Security Agency (CISA) – the nation’s risk adviser - released what it dubs a “one-stop shop for telework cybersecurity guidance for critical infrastructure, government, and citizens,” the Telework Essentials Toolkit, last week.
The kit looks like it can help both organizations and individuals take stock of their current setups in order to make them more secure for the long-term. Faced with more and more ransomware attacks and critical vulnerabilities, like Zerologon and those in VPN appliances like Citrix and Pulse Secure, organizations, many which were short handed in the shift to telework, may want to evaluate the guidance to ensure they're following best practices.
The kit contains some information CISA has shared before, like guidance on patching some of the most pressing vulnerabilities, defending against malware attacks, and how to best configure virtual private networks.
The kit has information for all levels - there are modules for executive leaders, IT professionals, and workers, with goals for each - think driving cybersecurity strategy and investment and developing awareness and vigilance.
The website helps bring together resources CISA created when the COVID-19 pandemic began. For example, the kit includes a handful of tips around video conferencing, including recommendations for schools, agencies, and organizations overseeing critical infrastructure. This section, which also includes tips on securing sessions, guidance on double checking video conference links, how to control attendees and protect sensitive information during a call, dates back to May, when the country was two months into the pandemic.
The kit doesn’t solely contain CISA content; it also points users to guides made by the National Institute of Standards and Technology, or NIST, including its guidance on enterprise telework, remote access, and bring your own device security. It also links the National Security Agency's telework and mobile security guidance, along with information from the Global Cyber Alliance, the Center for Internet Security, and the Cyber Readiness Institute.
It also points users to Cyber.org, an affiliate that specializes in educating K-12 teachers and students. While the information may be introductory to some, the site contains videos on making strong passwords, an explainer on phishing, and video conferencing security
The kit can also serve as a helpful resource for those who may not be up to date on cybersecurity vernacular; it includes definitions and further reading on multi-factor authentication, ransomware, phishing, advance persistent threats, and firewalls, for those who may need further guidance.