CISA Releases Telework Toolkit to Help Businesses Transition to a Permanent Telework Environment

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a Telework Essentials Toolkit to help business leaders, IT staff, and end users transition to a permanent teleworking environment.

The COVID-19 pandemic forced businesses to rapidly change from having a largely office-based workforce to allowing virtually all employees to work from home to reduce the risk of infection. The speed at which the transition had to be made potentially introduced security vulnerabilities that weakened organizational cybersecurity defenses. The CISA Toolkit is intended to provide support to organizations to help them re-evaluate and strengthen their cybersecurity defenses and fully transition into a long-term teleworking solution.

The Toolkit includes three personalized modules that include best practices for executive leaders, IT professionals and teleworkers, and include the security considerations appropriate to each role.

Executive leaders are provided with information to help them drive cybersecurity strategy, investment, and develop a cyber secure hybrid culture in their organization. Resources are provided to help business leaders develop organizational policies and procedures for remote working, implement cybersecurity training to improve understanding on risks and threats when accessing organizational systems and data remotely, and moving organizational assets beyond the traditional perimeter where they may not be accessible to the organization’s monitoring and response capabilities. Advice is provided on addressing the basics of cyber hygiene with the workforce and providing clear and regular updates on cybersecurity best practices.

Guidance for IT professionals is focused on the policies, procedures, and tools that need to be implemented to ensure teleworkers can work and access the resources they need remotely. The guidance explains the importance of patching promptly and implementing effective vulnerability management practices, the need for zero trust architecture, multi-factor authentication, regular data backups, and DMARC validation to address the risks of phishing and business email compromise in relation to remote working environments. IT leaders must also stipulate the tools and applications that must be used when working remotely and provide training on how to use those tools securely.

Everyone has a role to play in the transition from temporary to permanent remote working, including end users. The third module is aimed at teleworkers and provides advice on the steps that need to be taken to work securely from home. These include making sure home networks are properly configured and hardened, following organizational secure practices and policies, increasing awareness of phishing and social engineering threats, and promptly communicating any suspicious activities to the IT security team.

The CISA Telework Essentials Toolkit can be downloaded on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.