What are Tips for Telework?
The Computer Security Resource Center (CSRC) at the National Institute of Standards and Technology (NIST) provides a number of tips for employers and employees to consider as they embark on telework.1
Tips for Employers
National Checklist Program (NCP). NIST maintains a publicly available National Checklist Repository that contains a variety of security configuration checklists for specific IT products or categories of IT products. This makes it easy for organizations to find the current, authoritative versions of security checklists to determine which will best meet their needs.
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). NIST’s National Cybersecurity Center of Excellence (NCCoE) and its industry collaborators built an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security and privacy needs for using mobile devices to access enterprise resources.
Guidelines for Derived Personal Identity Verification (PIV) Credentials. NIST provides technical guidelines for the implementation of public key infrastructure (PKI) based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control over a valid PIV Card.
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. NIST provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework, remote access, BYOD technologies, as well as advice on creating related security policies.
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. NIST provides guidance on certificates and Transport Layer Security (TLS) extensions that impact security.
Guide to IPsec VPNs. This publication provides practical guidance to organizations on implementing security services based on Internet Protocol Security (IPsec) so that they can mitigate the risks associated with transmitting sensitive information across networks.
Security Considerations for Exchanging Files Over the Internet. NIST provides a bulletin that discusses several possible solutions for secure file exchanges, as well as numerous examples of methods for detecting file exchanges that aren’t properly protected.
Tips for Employees
Telework Security Basics. NIST provides basic tips about how to improve telework security including helpful tools, threats to be aware of, and resources to help improve device security and user behavior.
User’s Guide to Telework and Bring Your Own Device (BYOD) Security. NIST provides recommendations for securing BYOD devices used for telework and remote access, as well as those directly attached to the enterprise’s own networks.
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings. NIST provides tips for holding a secure virtual meeting.
1 NIST, 2023, “Telework: Working Anytime, Anywhere”