As organizations attempt to navigate unplanned work-from-home services, it’s important that they develop strategies to avoid exposing themselves to cybersecurity dangers.
The U.S. National Security Agency (NSA) has provided work-from-home guidance in a white paper titled “Selecting and Safely Using Collaboration Services for Telework.”
“With limited access to government furnished equipment (GFE) such as laptops and secure smartphones, the use of (not typically approved) commercial collaboration services on personal devices for limited government official use becomes necessary and unavoidable,” the white paper says.
What’s the best way to choose these collaboration services? The NSA offers these criteria to consider:
- Does the service implement end-to-end encryption?
- Are strong, well-known, testable encryption standards used?
- Is multi-factor authentication (MFA) used to validate users’ identities?
- Can users see and control who connects to collaboration sessions?
- Do users have the ability to securely delete data from the service and its repositories as needed?
- Has the collaboration service’s source code been shared publicly (e.g. open source)?
- Has the service and/or app been reviewed or certified for use by a security-focused nationally recognized or government body?
- Is the service developed and/or hosted under the jurisdiction of a government with laws that could jeopardize USG official use?
The NSA also suggests tips for using such services securely:
- If possible, use government furnished equipment (GFE) that is managed and intended for government use only and secure services designed for government use.
- If you download a collaboration service app, be sure you know where it came from.
- Ensure that encryption is enabled when initiating a collaboration session.
- Use the most secure means possible for meeting invitations.
- Verify that only intended invitees are participating before beginning, and throughout, each session.
- Ensure that any information shared is appropriate for the participants.
- Ensure that your physical environment does not provide unintentional access to voice, video, or data during collaboration sessions.
Are you using one of these telework platforms? Here’s how their cybersecurity behavior stacks up: