Cybersecurity Experts Weigh In On Best Practices for Remote Work
As millions of federal workers conduct their business remotely due to the ongoing coronavirus pandemic, the Chief Information Officers (CIO) Council has released their views on best practices for working remotely. The guidance acknowledges that the expansion of telecommuting activities has increased the potential for sensitive government projects and information to be exposed to unauthorized individuals.
The posting produced this week aggregates recommendation from the National Institute for Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) to provide best practice recommendations for all federal employees.
Included in the CIO Council posting are links to resources such as the NSIT telework tip guide, the NIST Security for Enterprise Telework, Remote Access, and Bring Your Own Device Solutions publication, and the NIST Preventing Eavesdropping and Protecting Privacy on Virtual Meetings blog post.
Additional resources included are the CISA telework guidance portal and guidances from the CISA’s Trusted Internet Connections (TIC) Program Management Office.
Along with these resources, the CIO Council outlined “Do’s and Don’ts” compiled by CISA and NSA experts. Here is the basic list:
Do’s:
Only use agency-approved video conferencing, collaboration tools and methods to share files
Whenever possible, only use laptops and smartphones owned, managed and protected by your agency
Store work-related content on Government Furnished Equipment (GFE) and agency-approved cloud services
Only connect GFE to a network you are in complete control of (e.g., home network)
Don’ts:
Don’t forward work emails to a personal account.
Don’t store work-related content on personally owned equipment (e.g., laptops and cell phones)
Don’t print work-related content at home (unless explicitly approved by your agency)
Don’t use your GFE or government desktop session for nonwork-related activities such as social networking, audio and video streaming or personal shopping
The CIO Council webpage also provides a link to a complete list of NSA-CISA telework best practices.