As millions of Americans transition from an office environment to their homes to continue to work, maintaining cybersecurity while teleworking is imperative during this challenging time. For organizations/enterprises establishing telework security policies, remote access solutions, etc., NIST has developed a comprehensive telework resource guide that provides information on securing enterprise telework, remote access, and bring your own device (BYOD) solutions.

The new NIST Information Technology Laboratory (ITL) Bulletin on Telework Security is based on the 2016 NIST Special Publication (SP) 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, which remains relevant. Some key concepts in the bulletin include:

• Developing and enforcing a telework security policy, such as having tiered levels of remote access;
• Requiring multi-factor authentication for enterprise access; and
• Securing all types of telework client devices—including desktop and laptop computers, smartphones, and tables—against common threats.

This is just one of many available resources NIST has identified for organizations and individuals that are now teleworking in a larger capacity. These are linked from a Telework Cybersecurity section on the CSRC homepage:

• For teleworkers: two Cybersecurity Insights blog posts on 1) Telework Security Basics and 2) Preventing Eavesdropping and Protecting Privacy on Virtual Meetings; and
• For organizations: NIST Special Publications that support telework, mobile device security, and Transport Layer Security (TLS) use for virtual private networks (VPNs).

The Telework Cybersecurity summary will be updated as new NIST cybersecurity and privacy resources for telework become available.