The increased shift to telework seems like it is here to stay as employers work to slow the spread of COVID-19 several months into the pandemic, and the Cybersecurity and Infrastructure Security Agency (CISA) released new telework tips for leaders, IT professionals, and teleworkers to keep the remote environment secure.
Throughout the pandemic, CISA has released several documents and guides on how to keep networks secure, including the Trusted Internet Connections interim guidance on telework. Through the updated Telework Essentials Toolkit, the agency provides personalized recommendations for all members of a remote environment with links to telework resources to help meet the new challenges.
“After rapidly adopting wide-scale remote work practices in response to COVID-19, organizations have started planning for more permanent and strategic teleworking posture,” CISA explains in the document. The agency adds, “The Cybersecurity and Infrastructure Security Agency is providing these recommendations to support organizations in re-evaluating and strengthening their cybersecurity as they transition to long-term telework solutions.”
For executive leaders, CISA recommends updating organizational policies and procedures, implementing cybersecurity training requirements, moving organizational assets, and creating a cyber secure hybrid environment. Enterprise-wide policies that address the new environment, the guidance states, will help protect the extended perimeter.
IT professionals, CISA writes, are tasked with developing security awareness and vigilance among the workforce. Actionable recommendations for IT professionals include: patching and vulnerability management; enterprise cybersecurity controls; multi-factor authentication; organizationally approved products; frequent backups; and domain-based message authentication.
For those at home teleworking, CISA asks that they maintain a secure home network. Workers are tasked with making sure their personal networks are configured and hardened against attack and practicing all security practices and policies put in place by their organization. They should also avoid opening email attachments or clicking links if they’re unsure of the source and should communicate all suspicious activities to the IT security team.