Security in the age of telework continues to be a ‘shared responsibility’

While the debate around telework continues to simmer, there’s little doubt many feds will be able to continue working outside the office at least part of the time.

That fact makes a new study from the Interagency Security Committee on “Federal Mobile Workplace Security” especially pertinent for federal managers and rank-and-file employees alike. The study examines all aspects of security for the employee who takes their work outside the nominally safe confines of a federal office.

As part of an executive order signed last fall, President Joe Biden directed the ISC to provide best practices on mobile workforce security. But Daryle Hernandez, the Cybersecurity and Infrastructure Security Agency’s lead for the ISC, said the study was also driven by agency demand for security best practices in the age of telework.

“We had a number of security professionals and we had HR folks and a number of other disciplines that wanted to really look at security in the environment of telework and remote work,” Hernandez said in an interview.

Unsurprisingly, many of the best practices center on cybersecurity. The study offers a number of “do’s” and “don’ts” in that arena. Some may be obvious to most employees – for instance, make sure you use multifactor authentication and only carry out the business of the federal government on approved devices.

Others may be less apparent, like the recommendation to segment your home wireless network, so work is carried out on a sub-network that’s separate from Netflix and other personal uses. “Segmenting the devices prevents them from communicating with each other and can prevent viruses from spreading from one device to the next,” the study explains.

And beware your child’s AI-powered robot and other “smart” devices. “Employees need to be sensitive to external voice enabled smart devices in their home if they are in the same room the employee is working,” the study warns. “Conduct sensitive work-related calls away from voice enabled smart devices.”

In many ways, employees need to be more cybersecurity aware when outside the office. But federal IT departments still need to give employees the tools and training to stay cyber secure wherever they are.

“There are the actions that the agency takes, and then there are actions that the individual needs to take,” Hernandez said. “It is a shared responsibility.”

Telework and remote work risks aren’t just confined to cyberspace. The guide delves into “physical security considerations at home.” Trimming your hedges, for instance, can provide less places for intruders to conceal themselves. While that may seem overboard, Hernandez explained that it falls under what security professionals call “Crime Prevention Through Environmental Design.”

“One of the things that we really wanted to do was to be comprehensive,” Hernandez explained.

The guide also goes beyond securing the home office. With many employees towing their laptops to the local coffee shop, the guide provides detailed advice on working from public spaces. Again, some recommendations may seem obvious but worth hammering home, such as being discrete during Zoom meetings.

Others are less obvious “operational security” best practices, such as using a privacy screen filter to ward off prying eyes or not wearing clothes with emblems that would identify you as a federal employee.

And remote work and telework don’t necessarily make an agency inherently more insecure.  As the guide explains in the “continuity planning” section, remote work and telework can actually make the federal government more resilient, especially when a natural disaster or other emergency strikes.

“Modern advances in technology now make it possible for an enterprise to take advantage of capabilities allowing for continued operations under most circumstances,” the guide states.

The upshot is that the federal workforce is more dispersed than five years ago, agencies have plenty of best practices, training and other resources to ensure employees and their work stay secure, no matter where they log in.

“There are lots of ways that agencies can really implement this, but it really starts with the procedures, the training, and then the reinforcement with their workforce,” Hernandez said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.